Be wary of unexpected attachments. These could contain viruses or malware. The most common types of attachment scammers use are PDFs, but they can be virtually anything. A new type of business scam is to pretend the user has a voicemail to listen to, but the attachment takes them to an html page to enter their details.
Legitimate emails will usually have a professional signature with contact details. The lack of these could be a sign of a phishing email. Larger corporations will often have a headshot in their signatures, which is another good sign to look for.
Emails asking for personal or financial information are almost always a scam. Banks, and legit companies, will never ask you to send sensitive information. Phishing emails often arrive at odd hours. The timing can sometimes be an indicator of foul play. This can be due to the scammer sending the phishing email from a different country, in a different time zone.
More info: Office 365 Migration Services