GetMeCoding CyberSecurity Awareness Phishing

How to Spot a Phishing Email And What to do When You Get One

How to spot a phishing message and what to do can be one of the most important things you will ever do online. Have you ever received a message that had an urgent tone from someone claiming to be a bank or credit card company or a text from a number not in your contacts asking an odd question, “John, do you still teach diving?”? 

That second one is odd right?? It is very odd if you never dove before and your name is not John.  These are examples of phishing.

Table of Contents
    Add a header to begin generating the table of contents

    What is phishing?

    Phishing is when a person with bad intentions sends you a message via email, text, or a social media post wanting you to click a link or respond with information.  

    GetMeCoding Phishing Example
    Phishing example with bad grammar

    How do you know it is a phishing scam?

    Phishing scams can all look different on the surface but they all have a general approach that can include the following:

      • It has a very urgent tone.
      • It may contain spelling or grammar errors.
      • It is not directly addressed to you in the body or to block of the message.
      • It requests you to send personal or sensitive information.
    • Reports are surfacing that hackers intentionally use poor grammar or spelling.  If someone comes their way via a message that has these errors, they are a more gulllible candidate for a cyber crime.

    Phishing Emails and Hyperlinks

    If you ever received a phishing emails and it contains hyperlinks you can try this technique to uncover its destination but also know hackers have new ways to MASK the web address.

    SPECIAL NOTE: Bank and Financial Emails

    If you received an email from your bank or financial institution and it appears to be a scam, they all recommend visiting the website directly by typing it into your web browser and then using your account to contact them through the private messaging. You typically will not receive an email asking you to do anything with clicking links.


    1. Hover over the hyperlink in the email but do not click it.
    2. Look at the popup or the status bar for the full web address.
    3. Does the address appear with a very cryptic address or does it appear legitimate?
    4. If it is cryptic or shortened read below.

    HOWEVER… Even if it looks like it came from a legitimate sender, you want to still verify it. Visit legitimate website and contact them through it.

    Tips on verifying email links and attachments

    Phishing is getting more sophisticated but so are the tools to debunk them.  These are some that are available to you.  If you encountered a shortened link or confusing or encrypted links these can help you uncover them.

    A SHORTENED LINK (e.g. Bitly)

    A shortened web address can be used to to hide a very long web address and keep a message short. These shortened addresses can mask a bad link.

    How to use it:

        1. Copy the link.
        2. Then visit the CHECK OUT SHORT URL ( where you can uncover the actual destination.

    Some hackers send emails with very odd, encryptic links.  When these links are cliked they can send you to websites where they can gather personal information or you can download malicious software.

    How to use it:

        1. Copy the long cryptic link.
        2. Then visit URL DECODE AND ENCODE ( where you can then uncover the destination and determine if it is ok.


    Avoid opening attachments from senders you do not recognize.  They can be a way to download malicious software or send you to a website where you download malicious code.

    GetMeCoding Phishing Example with Attachment
    Phishing example wiht attachment

    What to do when ...

    You CLICKED a link in a phishing email

    Don’t panic.  Take action with these steps.

    1. Disconnect the device from the internet.
      • MOBILE DEVICE: Put it is AIRPLANE mode.
      • Laptop/Desktop: Disconnect from the internet by “FORGETTING” the network from your list or unplugging the network cable.  This helps avoid any impact on your data stored on your device.
    2. Contact by phone or via your online account the bank, credit card company, etc..  Use the phone number on a statement and NOT the one in the message.
    3. Backup your files
    4. REPORT THE INCIDENT (contains a number of resources).

    You IDENTIFIED a link in a phishing email

    Good job. Now do the right thing and repot it. Too many incidents go unreported and the threat is allowed to continue and possibly evolve.

    1. REPORT THE INCIDENT (contains a number of resources).

    How to protect ...

    Note that the threat is an evolving one and you want to also remember to change your protective measures as needed.

    Remember to not just use ONE of these but incorporate all of them as a layered security approach.

    1. Stay informed about recent phishing techniques.
    2. Use a SPAM filter.
    3. Enable your browser to prevent fraudulent websites.
    4. Keep your web browser up to date.
    5. Always contact the company when prompted to enter account details online.
    6. Inspect the URL for the “HTTPS”.  This indicates a Secure Socket Layer.  Eventually, all websites will be required to have this.

    Phishing on social media and text messages

    The rules with email phishing also applies to social media messages and posts and text messages.  

    If you click a link and then are redirected to LOGIN where you would then use your login and password, DO NOT ENTER YOUR INFO.

    Be smart. Sharing personal information through prompts on social media can be an attempt to gather information pertaining to your login or password.  Don’t respond to these question type posts if you do not know who is posting them.

    GetMeCoding Phising on social media
    Phishing example with bad grammar


    1. Do not reply to the sender.
    2. Verify the account from which you are geting the message or request.
    3. If it is not legitimate, BLOCK the sender.
    4. REPORT THE INCIDENT (contains a number of resources).

    HOWEVER… Even if it looks like it came from a legitimate sender, you want to still verify it. Visit legitimate website and contact them through it.

    Realize anyone can get phished.  It isn’t just for someone new to the internet.  I can share I accidently responded to a well crafted email that contains information that seemed like it knew me.

    Cybersecurity isn’t a one thing only practice.  Security is a layering approach and it starts with being informed.  Please be sure to pass along this information for others so they can #BeCyberSmart.


    Happy coding and be safe online! Mr Fred




    Mr. Fred

    Start Coding Today In 5 Minutes!

    Get Me Coding Free Activity

    Take 5 minutes and try a FREE coding activity!

    Let Me Help You

    GetMeCoding Mentoring

    If you are a teacher or someone looking to help others learn to code, let me help you.

    Scroll to Top

    it only takes

    5 Minutes and 22 Seconds