bloggers resources

7 Tips to Avoid Email Phishing

hacking‘Phishing’ is an attempt to steal your personal information by posing as a trusted source (a friend, your bank–like that). Kaspersky reports that spam accounted for 66% of email last year. Of that number, phishing tripled. Why? Because it works. This is not to be taken lightly. Best case, it can shut your email down while you clear the problem. Worst case, you can lose your identity, your income, and your peace of mind. Here are some hints:

  • don’t blindly trust your virus protection. It can only keep you safe from known problems. Softpedia reports that new malware designed to infect Android devices appears every 17 seconds. I wonder how many there are for iPhones, Windows-based devices, Macs?
  • don’t open attachments to unexpected emails–especially from strangers. Every attachment has the potential to include malware or Trojans that silently burrow into your computer’s data and send it back to its master. Request that the sender embed the attachment contents if possible into the message portion of the email so you can preview it. Truthfully, I open lots of attachments, but they’re always expected. When someone I know sends me an unexpected attachment, I ask them to include a code (something no one would expect, like their initials) in the first line of the email so I know it’s legit.
  • don’t click links in emails–especially from strangers. I routinely make exceptions with this if it’s from someone I know and/or an expected email. DO NOT EVER click links from a financial institution no matter how legit it looks. Spammers are very good at spoofing legit financial institution websites, and thus persuading you to enter your highly-private user name and password. Enter the website independent of the email if you feel it requires attention.
  • check the email address of the sender. Does it match the name? Does it look representative of the sender (for example, would Wells Fargo use an email address like
  • check for misspellings and misphrasings. Often, spammers aren’t fluent in your native language and make mistakes.
  • if you know the sender, does the email you just received from them sound like their communication style? If not, send them a quick note to ask if they just contacted you.
  • if the email passes all of these tests and you’re prepared to click on a link, PAUSE FOR ONE MORE TEST: Hover over the link and see what the address is. If it doesn’t match what the text says or doesn’t look legitimate, don’t click.

Sure, these six steps take time, but they’ll save you money, grief, and stress when you avoid a problem.

For more, here’s what suggests to avoid being victimized by phishing, and here’s Johnson and Wales’ response to heightened phishing they experienced at their University.

More safety tips:

How to Teach Internet Safety in K-6

What Online Parental Controls Work?

29 Steps to Internet Safety for Kids

Jacqui Murray is the author of the popular Building a Midshipman, the story of her daughter’s journey from high school to United States Naval Academy. She is the author/editor of over a hundred books on integrating tech into education, adjunct professor of technology in education, webmaster for four blogs, an Amazon Vine Voice book reviewer,  a columnist for TeachHUB, Editorial Review Board member for Journal for Computing Teachers, monthly contributor to Today’s Author and a freelance journalist on tech ed topics. You can find her book at her publisher’s website, Structured Learning.

53 thoughts on “7 Tips to Avoid Email Phishing

  1. Thanks for this, it’s an important issue. My friend recently got an email from the post office, saying he wasn’t home for a delivery and would need to pick it up in person. All he did was click the link and his entire computer was hacked. Really scary stuff!


    • That’s awful. And seems to be happening a lot. I don’t think there’s any way to protect ourselves from a cracker who’s determined to get into our computers. What we can do is keep the less-committed out.


  2. It seems like there are more and more of those emails going around, and I’m baffled at how many people are fooled by them. I mean, a newbie, I get that, but those of us who have been using email for ages?


  3. There’s a lot of great information in this article. I’d like to comment on one point in particular. “if you know the sender, does the email you just received from them sound like their communication style? If not, send them a quick note to ask if they just contacted you.” If you send an email back to the person you know and their email has been compromised, the spammer will more than likely be the one to get your message, confirming that your email address is active. A better way is to send a private message through social media or call the person.


      • Yes, that could be. What happened with me was the hacker sent emails to my contacts list. During my security check, I went to all the forwarding spots where he could have taken control of my email, but he didn’t. It was disconcerting going through that list, thinking how easy it would be.


  4. These are email addresses to report spam phishing. Some of these (like the banks) I don’t even have accounts at! But I always report them. If you Google the name of the company being mentioned and “phish email,” you’ll usually come up with a reporting email address quite easily:,,,

    PayPal, in particular, is very attentive to phishing emails. I’ve even asked a question (“Is this real?”) when forwarding emails and they’ve answered me promptly.

    (I posted this on TSRA’s blog, too.)


  5. I’m careful not to click on links nor open attachments from odd messages. I’ve heard of horrible things happening when someone does. Some people have their computer locked frozen by a virus and can’t do anything on it on it. They’ve even had to pay a lot of money for a professional to fix it.


  6. Thanks Jacqui – it’s pretty scary. Also when SARS (South African Revenue Service) sends you a link to open advising that they have money for you as a rebate … we’ve been advised NOT to open that.


    • A lot of our banks offer the same advice: They will never send emails like that. I take them at their word and trash all of those, especially with this latest hack of our government OPM–20 million people’s records stolen. Mine was in that number. Sigh.


  7. Great advice, Jacqui, and I’d like to add three more. Regarding sending a quick note to someone if you suspect they might not have sent the original. Don’t send as a reply, but as a new message to the email address you have for them. That seems obvious, yet I know many people are so used to “replying,” they don’t always consider to whom they’re sending a reply. The second alert is the subject line. If the subject seems like a ridiculous topic for your known acquaintance to use, don’t open the email without checking first with that person. Third, don’t trust the email protection of your sender. It may not be your actual friend, and even if it is, it may have been breached in the transmittal, especially if what they’re sending is a site address rather than a message they’ve written you.
    This leads to another thought for folks to consider. When sending emails, what you write in your subject line shouldn’t raise suspicions for the recipient. It should be a familiar topic or even a subject line you always write for that person so they know it’s you. Write an actual topic, not a number, as sometimes happens with messages sent from cell phones. The many avenues of communication make our lives easy and complicated at the same time.


    • Good additions every one. In my case, the bad email actually went out from my Gmail account. Gmail has an automatic process that only allows free personal users 500 emails a day (something I didn’t know until this happened). They shut me down at that point and made me go through security checks before reinstating me. I wasn’t even annoyed–just thankful that they’d stopped the thing before it got worse.


  8. It’s worrying that there are so many ways of attacking us. Fortunately, Hotmail always pops any email they don’t recognise into my junk file. I do check it regularly for expected emails from known new sources. What does worry me is when I get an email from someone I know and it just contains a link. I don’t open them, for I know that those persons would not have sent it but when it happens more than once from the same person, it bothers me a lot. I do try to warn the ‘senders’ but I have one friend who I know is in a situation where he cannot use his computer for a couple of years because he is in a health trial but I also cannot tell his wife because she is not computer literate and would not have a clue what to do about it and I don’t want either of them to be worried because both are not well people. The only good thing about it is that I know he could not possibly have sent the emails…


    • There’s no way to keep up anymore. When 20 million people’s personal information is stolen (the OPM hack a few weeks ago–which I ended up part of) at once, I don’t know what we are supposed to do anymore!


What do you think? Leave a comment and I'll reply.

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s