Who is the message From? Who is the Reply-To?
There is a sense of urgency.
The email asks for personal information.
The email has bad grammar, odd formatting, or misspelled words.
The email is not signed by an actual person or there is no phone number to call for questions.
What if the email is from UPS, FedEx, airline, or cell phone company?
NOTE: With a spear phishing attack (very targeted attack), you may even see words like "OIS", "Zimbra", "Pittsburg State University". The inclusion of these words does not make the email any more legitimate. This just means the attackers have done their research.
Legitimate emails from PSU will NEVER, ever, ask for your password.