How to Never Fall for a Phishing Scam

We all know that digital con artists are on the rise as working and schooling from home look more long-term than we thought just a few months ago. From trolls and “deep fakes” on virtually all social media platforms, to ransomware and screen hijacks, to increasingly sophisticated email phishing scams, it’s more important than ever to learn and practice digital protection techniques and habits (and to teach them to your colleagues and family). These range from the technical (e.g., proper intrusion prevention and regular backup regimens) to user awareness (e.g., learning to reduce self-inflicted harm by not clicking on links you shouldn’t).

The most common – and usually the most damaging – channel through which these threats arrive continues to be email. These phishing scams are often easily detectable because they are so poorly designed; misspellings and cheap graphics easily betray their often-offshore origins. Indeed, precisely because so many phishing attempts are so obvious, we can be lulled into a false confidence and think that we’d never be tricked because we’re on to them.

Nonetheless, we’re facing a surge of extremely sophisticated scams that too often fool even the most cautious users. So here’s one technique you should ALWAYS employ.

Before clicking on ANY link inside an email, roll your cursor over the link and look carefully at the address that pops up (it will display either next to the link if you’re in an email program, or in the lower-left corner of your browser window if you’re on a web page). This pop-up information is the TRUE destination of the link.

Look at this example, which I received last week. At first glance it certainly appears, at least visually, to be from Microsoft. And the subject line got my attention because I don’t want any problems with my monthly payment for my Office 365 account. Yes, there is some slightly odd wording and punctuation in the message, but the point is that my brain’s first reaction to the visual format said “legit.”


And here’s a similar phishing message, also appearing to be from Microsoft. However, upon rolling over any of the links, their true destination is revealed as being a domain called “” — obviously not Microsoft.

But you have to be VERY careful when you look at these rollover addresses because they are often disguised to look like a legitimate address. The same is true for the sender’s email address. Look at the first yellow highlights. “” looks legit, but it’s not. Nor is “”

Best practice, of course, is to NEVER click on any link inside an email unless you are expecting it. But if you’re tempted to, NEVER NEVER click before carefully examining where you’re bringing yourself.
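The same rollover check can be run automatically over the HTML body of a saved message. This is an added example, not part of the original article; the expected-domain list and the sample links (which use placeholder `.example` hosts) are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

EXPECTED = {"microsoft.com"}  # assumption: domains this reader expects links to use
SAMPLE_HTML = """
<a href="https://account.microsoft.com/billing">Update payment</a>
<a href="http://billing.example.net/login">https://account.microsoft.com</a>
<a href="https://account.microsoft.com.secure-login.example/pay">Review invoice</a>
"""  # constructed sample body; hosts are placeholders, not taken from the article

class LinkCollector(HTMLParser):  # collects (visible text, href) for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def true_host(url):
    """Host a browser would connect to (what the rollover shows), or ''."""
    try:
        return (urlsplit(url if "//" in url else "//" + url).hostname or "").lower()
    except ValueError:
        return ""

def audit_links(html):
    """Return (text, true_host, reasons) for each web link worth a second look."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for text, href in parser.links:
        if not href.lower().startswith(("http://", "https://")):
            continue  # only web links are checked here
        host, reasons = true_host(href), []
        if not any(host == d or host.endswith("." + d) for d in EXPECTED):
            reasons.append("destination is not an expected domain")
        shown = true_host(text) if "." in text and " " not in text else ""
        if shown and shown != host:
            reasons.append("visible address differs from destination")
        if reasons:
            findings.append((text, host, reasons))
    return findings
```

In the sample, the second link displays a Microsoft address but goes elsewhere, and the third puts a familiar name at the front of an unrelated host; both are reported, while the first link is not.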


About the Author

Bill Jawitz, Law Firm Coach and Consultant

Bill Jawitz has been coaching lawyers to become more profitable and enjoy a higher quality of life since 2002.

He can be reached at or at 203.806.1300.
