Don't fall for Email 'Phishing' scams

January 23, 2009

Fishing is where you hold the hook, and the fish are the prey. Phishing is where Internet scam artists hold the hook and *you* are the prey. I think the ‘ph’ comes from the origins of the scam via phone.

It’s your job to not take the bait! A scam can’t work if you don’t fall for it. Sometimes the bait is obvious, like an email that says someone from Nigeria needs to use your bank account in the US to deposit millions of dollars … just give them your account info and they’ll cut you in for half! Instead, of course, they’ll empty your bank account.

But many of them are not so obvious. Many of them are very good at the con game, so you have to be good too – at recognizing and avoiding them. There are 2 primary ways that con artists work.

  1. By making fake websites
  2. By sending fake emails

Some fakes are easy to spot, some aren’t. Things to know:

  1. The ‘From’ line on an email can be faked. Just because it says it’s from your uncle Harold, or from your bank, doesn’t mean it is. I could send you an email and make it look like it’s from the IRS asking you to send me your bank account information.
  2. Links can take you somewhere other than where they say. For example, a link may say, “www.bankamerica.com” but if you hover your mouse over it and look below, in your status bar, you’ll see the real address. In this case I’ve made the link go to www.bankamerica.dontfallforthis.com. In this example, ‘dontfallforthis.com’ is the main website, with ‘bankamerica’ as just a section (a subdomain) of that site.
  3. It’s easy to make an exact duplicate of a website (heard of copy and paste?). So, just because it looks like your bank’s site doesn’t mean it is.

When in doubt, check it out

When in doubt, don’t click. With a suspect email, just delete it. Replying in any way, even to ‘unsubscribe’, just lets the scammers know they have a ‘live one’ – a real email address. All you have to do is not fall for it, and the scam can’t work.

If it sounds like it *might* be a legitimate email from your bank or other financial institution – call them on the phone. Make sure to use a number that you know to be theirs, not one provided in the email. Or, you can visit their website directly by typing the address in your browser – just don’t use the link in the email.

Play Anti-Phishing Phil

To learn more about how to spot fake websites, try a fun online game: Anti-Phishing Phil. The most intelligent and in-depth information on fighting phishing that we’ve found is on Paypal’s website at: https://www.paypal.com/fightphishing. An excellent site for researching scams and hoaxes of all types is Snopes.com.

Keeping your computer’s software up-to-date can protect you from the majority of viruses, spyware and scams. Sometimes no one else can protect you, sometimes you just have to be smart. Arm yourself with knowledge, and you won’t fall victim to scams.

Chris Guld
www.GeeksOnTour.com
Computer Education for Travelers

5 comments

  1. Pingback: flyttstädning stockholm

  2. Pingback: www

  3. Harry Gudell

    Thank You Chris, great information. Well you just got a new GOT member and I signed up for your regular newsletter as well. I would give anything to be Geeky Smart like you and your husband. Maybe by viewing all of your videos and reading and rereading your newsletters, who knows ? Thanks again. Harry

  4. It isn’t only email – we currently have a round of voice messages & text messages letting people know their Credit Union debit cards are compromised & users need to call a phone number to get new cards. All you need to do is tell them your account # & PIN and they will fix everything…

  5. Chris,

    This is by far one of the best articles you’ve written. You did your homework well and the examples you gave are GREAT. I got an e-mail the other day from what looked like Paypal asking me to “verify” some information. What a lot of people don’t know–but I have for several years, is that PayPal never sends e-mails to their members asking for anything. It’s clearly stated in their Privacy Policy. Of course reading it is a little like trying to read the entire IRS Code–but it’s there just the same.

    To give an example of the return (from) address read (and this is exact):
    [email protected] Now that may look innocent to a person who doesn’t pay close attention, but the dash between the words PAY PAL makes this a phony address. I simply sent the entire message to [email protected] and got back a nice message about an hour later explaining that these people were in fact not PayPal in San Jose CA, but rather someplace in Luxembourg.

    Again Chris–great article!