Questions to ask yourself
First and foremost look at the from Email address (not the name). Does the email address it's coming from make sense with the subject and contents of the email?
If it's from an @gmail.com address, anyone on the planet can create a free google account and use it to send out junk. If you contact me, I'll show you either this if your email is google based (you have to use a web browser, no Outlook or other email clients)
OR
McAfee, Norton, Paypal, insert_common_name_here email's will not be coming from @gmail.com accounts.
And you don't need a paid McAfee or Norton when Windows 10/11 has a free built in Antivirus Defender that works just as well.
The standard sniff tests on evaluating E-mail attachments or links are (more than 2 below and it's probably phishing/scam):
- Were you expecting it?
- Do you know the person? (Just recognizing the persons name doesn't automatically make the message safe, viruses are sent with name of people you know)
- Does it make sense you'd be getting this?
- Does the content of the message (file or URL) jive with the rest of the message?
- From:, Replyto:, sending server etc. Are there anomalies?
- Is the language/spelling have the proper syntax (does it look like it's written by someone that doesn't speak English as their first language)?
- Research extra info of the message (Address make sense, call phone numbers etc)
If you wanted to investigate a little further in other cases, you can do a virus scan online using many virus scanners:
- Save the pdf to your computer without opening it (or viewing in explorer with the preview pane enabled)
- Goto www.virustotal.com and upload/scan the file.
Note that handling virus files are safe to save/cut/copy/paste/move around and handle (and just doing that will make your Antivirus scan the file automatically). You get in trouble when you open/view/preview/etc it with a program/application/windows preview function etc.
Example
In this case the warning signs are:
I give this example high probability that it's a scam.
Checking the E-mail header information results in even more mismatching information: