Blog Categories

How to Avoid a Phishing Attack

So, you get an email from a company that you’ve dealt with often; for example, your bank, a favorite shopping site, a local business you deal with.

And it looks exactly the same as other emails you’ve gotten from these sources.
But, with one exception…….it’s Not from the person/business you know.

And when you click on a link in the ‘familiar’ email, you get a popup that asks for your email credentials (username, password). That’s odd, you think to yourself. But you fill in the information anyway. When you click on ‘Submit’, nothing happens…..and that’s when you notice that sinking feeling in your stomach.

‘Should I have done that?’, you ask yourself.

But it’s too late. Someone now has access to your email account. And, they’ve acquired your Contact list. Pretty soon, you’re getting calls from friends and businesses; asking why you sent them an email with a virus. They are telling you that their computers are down.

As you start to flush with a combination of anger and dread, you struggle to get back to your own email program. You want to send out an urgent notice to everyone warning them not to open any emails from you. But……you can’t. Your internet connection is dead. You pull up your anti-virus program to run a scan. You can’t. It’s been disabled.

You’ve been hacked, and your computer has been compromised. Your friends have been hacked as well.

So: How do you wake up from this nightmare??
Simple really. You just have to know how.

Here ya go; But first a little background.
The answer is based on the principle: Trust, but Verify

(This adage was used by Ronald Regan, notably, in discussions with the Soviet Union regarding disarmament. Ironically, the expression is based on a Russian rhyming proverb: Doveryay, no proveryay (Trust, but Check). It was taught to President Regan by an American scholar: Suzanne Massie, preceding the discussion with the Russians.
So President Regan went into those discussions well armed).

How to be well armed:
Trust, but Verify has two components. Yes, we want to Trust communiques from our friends and business partners. But we also want to be safe. The Internet has dark neighborhoods, into which we don’t want to be led. The second component, Verify, implies that we are Watchful. If we see something suspicious, we need to go into Verify mode.

What could be suspicious about an email we’ve gotten many times before??

There are misspellings in the email, or the grammar is poor. (Now do you wish you had paid more attention in English class?? This is where a dangling participle can be dangerous)

The colors or design of company logos is slightly off.

A link you click on is asking you for personal information!!

You have to stop right there!
You Need To:
VERIFY whether the email is actually coming from the person/company you know.

Here’s how:

            Go to the top of the email, where you see your name (the recipient).
Look at the name of the sender; My Bank, My Friend, My Business partner.
Click on that name.

What’s in a name, a rose by another other name would smell just as sweet……

Not this time. That name is just some text that can be set to anything. It has nothing to do with the person who sent it.

When you click on the name, it will then show you the email address of the sender. That’s what’s important! If the email has the appearance of having come from your bank, but the email address says something like, you can be pretty dang sure that joe does not work for your bank.

More specifically, an email that actually comes from your bank would have the bank’s domain name in the address. What does that mean??

A legit address from the bank would look something like The text after the @ sign is called the Domain. Only Bank of America can use that Domain. They own it. And the internet provides verification measures to assure that only they can use it. A Microsoft address would be something like:

If you see an email address that shows a Domain name that’s different from the company, then that email is an imposter, and is dangerous. Do Not Click an Any Link in that email.

So, you’ve avoided the scam. What do you do now?

There are several options:

  1. Given the proliferation of scam emails, the easiest thing to do is: Delete the dang thing.


2. You can, go to your bank’s website, and find a link that lets you forward the bogus email to them. Supposedly, they may try to track down the offender, and maybe get the email shut down. But frankly, I don’t know how effective their efforts would be, since it’s very easy for Joe to get other free email accounts (,, You get the idea.

I’m voting for Option 1.

A young man, obviously late, is rushing down a New York street, and stops to ask for directions.
‘How do I get to Carnegie Hall?!’, he asks in desperation.
The reply; ‘Practice, my boy, practice!’

So, you need to practice finding a sender’s email address.

Just open an email from someone you’re sure of, and look for his actual email address. Ignore the fact that it says it came from, for instance, ‘Steve’. Find Steve’s email address. In my case, if it doesn’t have the Domain name, then it did Not come from me.

This is not a perfect process. I have been fooled several times by emails that were so well crafted that I didn’t question their origin, and I supplied the information they were looking for.
It happens.

So, if it happens, Whatdyado??

First, if you gave away email, or login credentials (to a website), as urgently as you can, arrange to change the password for that email, or website account. (If you don’t know how, you need to learn how to do this….Google it)

Then, run a full virus scan on your computer.
(You don’t have antivirus software?? ……We need to talk…..)

Lastly, finding that email address may vary depending on what program you use to view/compose your emails. Typical installed programs are, for example; Microsoft’s Outlook, Mozilla Thunderbird, Apple’s Email program, etc.

Web based emails (accessed via a browser like Chrome or Safari) are, for example; Yahoo Mail (, Gmail (, and Microsoft mail (Hotmail, MSN, or Outlook; all accessible at

Whichever you have, learn how to expose a sender’s email address.

Sometimes, it’s not obvious, so Google is your friend.

E.g. Google search: How do I view a sender’s email address in Gmail?

Would you like to learn about other ‘interesting’ hack attempts and phishing attacks? These are true stories…..see my article: Classic Internet Scams; Tales From the Front Lines