Common red flags in phishing attempts include urgent or threatening language, suspicious sender information, requests for personal information, misspellings or grammatical errors, suspicious links or attachments, generic greetings, and offers that seem too good to be true.