Which of the following would indicate a phishing email?

Requests for your credentials paired with a link to a domain that is only slightly different from a legitimate site are classic signs of a phishing email. The attacker’s goal is to trick you into entering your username and password on a page that looks real, but is controlled by the attacker. The almost-but-not-quite-correct domain is the giveaway—it's meant to slip past casual checks, but careful inspection reveals it isn’t the legitimate site. The prudent response is to not click any links or submit information, and to verify through a separate channel—contact the sender using a known method or type the official site address yourself rather than following the email link. This combination of requesting credentials and pointing to a near-duplicate domain is what identifies the message as phishing, unlike routine internal messages or legitimate-looking invoices that don’t ask for sensitive information.