The “Hover Check”: Spot Phishing Emails Quickly & Prevent Identity Theft Easily

Republished from a previous posting on 4/12/2009:

According to, there are 180 identity thefts happening every minute. Think about that! Every 1/3rd of a second, someone’s identity is stolen. But with some very basic knowledge, you can reduce your risks.

One way criminals are stealing identities is by using emails that try to fool recipients into giving away their personal information. This style of crime is more common than ever and the crooks are getting smarter, so you need to get smarter too. Below, I tell you how to spot these illegitimate emails very easily and quickly.

A common purpose of phishing emails is to steal your credit card information. Phishing emails have become more dangerous lately because they have developed better disguises hiding their true purpose. Because you’re more likely to think they’re legitimate, phishing emails typically appear to come from banks or insurance companies. These are the most dangerous. As a general rule, you should always be skeptical and proceed with caution when you receive an unsolicited message appearing as if it came from a company you do business with.

The Hover Check:
When you get one of these types of emails, try performing this one simple test I call the “Hover Check”. In the questionable email, hold your mouse over the link that is provided to “update records”, for instance, without clicking it. The actual URL address should appear in a pop up. Examine this address to determine where it is truly going to take you if you did click on it. Remember, DON’T click on it. Just let your mouse rest over the link until the address pops up and then examine it. If it’s not going to the website of the company they’re claiming to be, the link is most likely dangerous and at the very least, an attempt to get your personal information.

Pay Attention to Sub Domains. Now if you don’t know what I’m talking about and know nothing about URLs and what to look for, here’s a quick lesson. Web pages begin with “http://”. They are followed by the domain name, such as “”. The “www” which precedes a domain name is really a “sub domain”. “www” simply stands for world wide web, but sub domains can really be anything and more and more often are. Google for instance uses sub domains frequently, to give one the ability to direct requests to other web services they provide. For instance, for maps the URL address is To search news, it’s, and so forth. One thing most people don’t know is that you can have as many layers of sub domains as you want. For instance, is not a Key Bank link. The domain name is really “”, and so whoever controls this domain name controls the pages that display when you click on their links. Instead of .com being used as the extension, “eu” is used, which means it’s a European domain name. There are actually hundreds of domain name extensions. You probably know only the most common ones like .com, .net, .edu, .org, .info, etc. But nearly every country in the world has its own domain designation.

Another simple test when examining whether or not you’re on a legitimate page asking for personal information, is to see if the URL address starts with “https”, where the “s” indicates that it’s a secure page. As a rule, do not provide any personal information unless the page is secure as indicated by the address beginning with https.

What should you do with the email when you determine that it’s illegitimate?Certainly, you should delete it, but only after defining the email as spam. However, with most basic spam filters, if you define an email as spam you will be preventing legitimate notices from this business from getting messages through to you. Most phishing emails are sent with a legitimate email address as a part of their disguise. Our Systems Administrators here at iNamics know how to stop these emails in better ways from getting through. They define certain rules at higher levels of our spam filtration system that stop these emails without specifically saying to stop all emails coming from any particular email address, as many basic spam filters do. I suggest you notify your email administrator so they can work to prevent any other similar emails, once discovered, from getting through to you.

For more posts about this subject matter, go to

The author of this post, Al Harlow, is President and CEO of iNamics Corporation, a leader in website design and development company, and ClickIT Connect Corp., a hosting, computer and learning service center in Chagrin Falls, Ohio. To learn more, go to or


For more than 30 years I have built new, innovative products and services that make life better. I am a driven, passionate and thoughtful developer, who is results-oriented, with the 30,000-foot view but also eager to roll up my sleeves and get my hands dirty. I currently enjoy working at the helm of Click IT (an MSP with a brick-and-mortar IT services store in Chagrin Falls, Ohio), while consulting with clients to help them with their own businesses, increasing sales, securing their IT infrastructure and helping to improve their operational efficiency using state-of-the-art technologies we offer. While I enjoy most the creative aspects of any project, some of my most rewarding experiences have come from helping others realize their true potential with the implementation of simple tools and techniques. Many times I already have the tools available and need only to show how to leverage them for their benefit. Whether it is working with entire organizations or coaching individuals, I love also improving productivity. In my current businesses, we find easy ways to doing just about anything technically complicated and then try to systematize the process. Many of our IT products came about this way. (See I take great pride in my individual capacity for working smarter and I’m not talking about not taking shortcuts or compromising quality. I embrace the “Work smarter not harder” philosophy, but this is always a process of learning new things.

Posted in Uncategorized

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

Web Design Classes at ClickIT

No upcoming events

Follow ClickIT Blog on
%d bloggers like this: