Lessons on online safety often focus on cyberbullying, predators and privacy. But there’s another realm of digital citizenship that’s equally vital for students to understand: online scams and hacking.

Internet hacking, which costs consumers and companies an estimated $445 billion dollars each year, rarely has anything to do with your computer’s hardware or software. Most of these scams rely on social engineering, where hackers dupe people into opening attachments or clicking links in email.

Some hackers are looking to steal identities while others are skilled at tricking people into sharing sensitive financial information. Regardless of the type of scam, most are not that sophisticated and can be prevented by taking simple precautions.

Share these five email red flags with students so they know how to stay secure online.

1. Not even PDFs are safe. If you receive an attachment from an unknown sender, be wary. Even if your antivirus scanner reports the file safe, there could be macros embedded in the file that launch malware or Trojans, which let hackers see and control all your files and keystrokes. The only file type that is always safe to open is TXT.

2. Closely examine the URL. One clue that an email is malicious is if a company name in the URL is misspelled. But it’s not always easy to tell. An “r” next to an “n” looks a lot like an “m.” So make sure that the email in your inbox is actually from Microsoft not rnicrosoft.

3. Check the time. Was the email sent at an odd hour? If you receive an email from a friend or colleague at 4 a.m. and that seems out of character, look for other clues that the email is phony.

4. Don’t be fooled by urgency. If an email message demands immediate action, slow down and think. Take the time to verify the request. When in doubt, throw it out!

5. Hover over the link. Does the sender’s logo look legitimate but the email still seems fishy? Rest your mouse over hyperlinked words to see the actual URL. You might be surprised that it looks nothing like the address of a legitimate sender.

Chuck Dinsfriend is ISTE’s senior director of IT. Prior to joining ISTE in 2011, he held IT leadership positions at four school districts in Oregon and California. He is a strong advocate for 1:1 computing, BYOD and cloud computing, and was an early adopter of Google Apps for Education. When not working with technology, he enjoys writing and playing music.

You can have it both ways. The ISTE book Security vs. Access illustrates how school leaders can maintain safety and security while affording students the freedom to create and collaborate using digital tools.