Yeah, probably. That's your short answer. But, if you want to get in the habit of being more confident about it, read on.
Signs it's a scam:
- Bad grammar and poor spelling. Most of these are coming from overseas from non-native English speakers.
- "Click here to update your account info" - real emails know better than to ask you to do this. They'll tell you to go to their site and log in - they won't link it.
- Attachments. If you're not expecting an attachment from somebody, NEVER EVER OPEN IT. Most AVs will catch those as they arrive but do you really want to risk slipping a brand new virus past your not-yet-updated antivirus?
- It's from a company that you don't do business with. See below - I'm not a CIBC client.
- Check the links. I've included one from my own Spam folder. Without clicking the link in the email, just hover your mouse over it. I repeat, do not click. Your browser or email software will tell you where that link will take you. AND don't be fooled by seeing "CIBC" somewhere in the link. The part that matters is just before the .com (or .ca or .co.uk). If a link were to say "http://CIBC.timbuktoo.ru", it's not going to take you to CIBC's site; that first part ("cibc.") can be set to anything so ignore it.
I will also mention here that just because a link looks like it will take you to one place, doesn't mean it will. I can have a link say http://cbc.ca but hover your mouse over that. Trust nothing.
Another example from my Spam folder:
Subject: Canada Post delivery
From: Main Post <email@example.com> <--there's your first clue plus most companies would use a "noreply@" or "info@" address
Canada Post service desmantling. <--no verb and a misspelling, and what does that mean anyway?
Your package is ready for you. We know that your time is valuable and important. Our Post Service has different tools to ensure you×..re able to trace your order. Thank you for being a loyal Canada Post customer.
Click here to check your track number or paste it in your browser: http://canadapostca.info/trek091112.zip " <--bad websites can use keywords but official sites rarely use the uncommon extensions like .biz or .info. Zip files are a way to package viruses which make scanning harder for some AVs.
Personal anecdote: I do a fair bit of business using Paypal. Some clients pay me online and the money goes into it and then I use those funds for buying things like my antivirus licenses. A couple of years ago, I had just completed a Paypal transaction when, one minute later, an email made it into my Inbox "About your recent Paypal transaction". The logo was current (sometimes they're out of date), the grammar and spelling was fine. I was a split second from clicking it when I stopped myself and followed the "hover the mouse" instructions above. They almost got me.
Scammers try many tricks to get you to click their links or open their attachments. You just have to be careful.
Edit: Happened to spot this in my personal Spam folder:
From: C.I.B.C Message <firstname.lastname@example.org> <-suspicious
You've got a reply from us waiting in your secure message area of Online banking. To view this important response, Login here <--real sites don't tell you to do this
CIBC Alert Team
Do the mouse-over thing to that link. (I've neutured it so it shouldn't go to a real site if you do click). Here's the destination: http://secure.inf0.cibc.black/notice8496/cibraba/checkin/w/ Again, note that even though it has "cibc" near the end of the domain, the .black (irregular extension) marks it as highly suspicious. In general, I would recommend avoiding any emailed link at all that doesn't end in a .com or .ca (and to still be wary of those in an email).