A phishing attempt that makes even people who are very good at spotting them pause for a moment and take a good look is a perfect example on which to learn.
Ravi Dehar of OpenDNS shares such an e-mail:
The subject of the e-mail says “Campaign stopped running”, and the standard Google logo, fonts, and color scheme – not to mention the “correct” e-mail address (email@example.com) are used to convince the user the e-mail is legitimate.
But the “Reply to” address, as well as the “From” address, can be faked, so Dehar warns not to use them as a detail on which to decide if an e-mail is legitimate or not.
But a closer look at the e-mail confirms that it is, indeed, a phishing attempt. Spelling and grammar mistakes are an obvious clue – a large corporation like Google would never send out such an e-mail.
The next clue is in the provided link. Hovering above it reveals an URL hosted at google-dn.com – not the correct one. And as a final nail in the coffin, a look in the message details reveals that the e-mail was sent by mail.wisenetworks.co.uk, not Google servers.