Criminals are constantly improving the quality of their phish attacks. It used to be fairly easy to spot one by the poor spelling or bad grammar. Today the clues are much more subtle. On the face of it these emails look quite legitimate. They use your real name, reference names of real acquaintances and companies from which you have actually purchased.

Finding the good from the evil takes a little more effort.

This is an email I actually received today. At first glance one would have no reason to suspect any malicious content.

There are four links in this email that are just begging to be clicked

  • Go To Facebook
  • See All Notifications
  • unsubscribe
  • 2 friend request

In order to learn more, these are the steps I followed:

  1. Hovering over either of the first two “links”, failed to bring up a link pointer. This indicates they are probably just text, or more likely a photo from another real facebook email. This is not the behavior one would expect from a valid email, so this is the first clue I had that I am dealing with a phishing email.
  2. Hovering the cursor over the unsubscribe does change the cursor, indicating this is a real link.
    • I right clicked this link (NOT LEFT click) and then did a COPY.
    • In a Word document (or the BODY of an empty email) I did a paste to reveal the following: http://www. which appears to be valid. So no clue here.
  3. I then hovered over the last link, again did a copy of it and pasted it into a document and got this, definitely not what one would expect in a facebook link:
  4. This should now be enough to convince anyone to delete the email, but my curiosity took me one step further.
  5. My last piece of investigation was focused on the From address. It displays as Facebook 2 friend request, but was was there anything hidden beneath it? I did a simple right click which revealed an email address (below) that removed any last doubt I might have had that this was a phishing email.


The lesson here is that what you see is not what you necessarily get. To further drive this home, I created my own example. I typed into a Word document, the link to Google. I then did a screen capture (a photo) of those words.

I inserted this harmless photo into an email and added a different link behind it. When opening the email all you will see is the above Google photo. When hovering over it, the cursor will change, indicating it is a link. Clicking on it however will take you to the one I specified. If you trust us enough, you may want to try it and see what it does, or you could right click it, copy the link and paste it into another document to see what you get.

As we said, all is not necessarily what it seems.

End-point protection tools have come a long way in identifying malware attached to phishing attacks. But the number one vulnerability is the one sitting in front of the keyboard. Vigilance is the best way to stay safe in cyber world.

Please contact us at for any questions about this article or any assistance you may need.