Share this easy phishing-avoidance tactic with Facebook users in your family. ZDNET writer Ed Bott provides screenshots of four Facebook email notifications he has received, two of them definitely not from Facebook. He illustrates how hard it is to tell fake Facebook emails from real ones, but here’s a great trick that will help you and your kids:
Instead of just clicking, hover your cursor or mouse pointer over the link or button in the email to see what it’s pointing to. If it’s not facebook.com or whatever site the notification says it’s taking you to, don’t click! See the two screenshots at the bottom of Bott’s article for examples of a phishing link (to a URL that begins with “session500”) and a legitimate link to facebook.com.
If that idea doesn’t take with your family, consider this policy from a commenter to the article, “mike2k”: “And that’s why I use notifications only as a ‘notification’ to go to fb and check for updates. I never click on email links unless I signed up for a website and it’s a verification link.” In other words, do the runaround: Delete the email, open a new tab or browser window and go to facebook.com to see what’s new. For computer security, runarounds are good!