Reghan Winkler: How to recognize a phishing scam

One simple click on a “phishing” email possibly changed the history of the United States.

In March 2018, John received an email from Google with the subject line, “Someone has your password.” The email went on to say the Google security team had intercepted a sign-in attempt on his email from Ukraine using his actual password. It warned him, “You should change your password immediately,” by clicking the “Change Password” button provided.

The “John” that clicked the button was John Podesta, Hillary Clinton’s top campaign advisor. When John clicked the button, hackers gained access to thousands of Hillary Clinton campaign and Democratic National Committee emails.

Up to that point, the Clinton campaign’s email security was uncompromised. Google provided the campaign’s email infrastructure. The bogus message sent to Podesta was a crafty look-alike of a typical Google email.

At least 50,000 emails were obtained by hackers and eventually were published by WikiLeaks. The scandal that ensued is seen by many to be the tipping point to the election of Donald Trump as 45th President of the United States.

Phishing is one of the most frequent forms of cybercrime. Cybersecurity firm Proofpoint estimated that 83% of organizations were victimized by phishing attacks in 2021. Also in 2021, Verizon found that 25% of all data breaches involved phishing.

If one click on a phishing email can change the course of U.S. history, consider the incredible havoc your life could experience if you were to click on a hacker’s button.

How do you protect yourself? Knowing how to identify one can go a long way toward preventing a phishing attack.

1. Pay particular attention to the sender’s email address. No legitimate business is likely to send a message from a public email domain such as ‘@gmail.com’, ‘@hotmail.com’ or ‘@yahoo.com.’ Even Google doesn’t use ‘@gmail.com’; it uses ‘@google.com.’ Notice that Google uses its company name in the address. Be wary. If an email comes from an address that isn’t tied to the apparent sender, it is likely a scam. Another tipoff of a fraudulent email is an address that includes an organization’s name before the “@” sign. For example, the address might read ‘[email protected]’. The key is to recognize what is after the @ symbol. It indicates the organization the message is from.

2. Scam emails often contain poor spelling and grammar. Legitimate companies and organizations are meticulous about sending emails with correct spelling and grammar.

3. Be extremely cautious if an email contains links asking you to change or furnish personal information (think John Podesta). Before clicking any link, you should directly confirm the authenticity of the request by searching for and visiting the actual company’s website, then calling a number listed there to verify the message’s directive.

4. As with links, opening attachments often leads to bad things. An attached “invoice” could unleash malware on the victim’s computer, which could perform any number of harmful actions. You should never open an attachment unless you are absolutely sure it is from a legitimate source.

5. Phishing emails often attempt to create a sense of urgency and demand immediate action. Scammers know that the more time we take to think about the situation, the more likely we are to realize that something doesn’t seem right. That is why many scams demand you act immediately, or else it will be too late.
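Tips 1 and 3 both come down to the same question: does the part after the @ in the sender’s address, or the host in the link you are asked to click, actually belong to the organization the message claims to be from? The following Python script is an added example written for this column, not code from the author or the BBB. It encodes that check as a few small functions; the public-webmail list, the expected domain and the sample addresses and links are constructed for illustration.

```python
"""Heuristic checks for the sender-address and link clues described in tips 1 and 3.

Added example; not part of the original column. The domain list and the
sample headers/URLs are constructed for illustration.
"""
from email.utils import parseaddr
from urllib.parse import urlparse

# Public webmail domains a legitimate business would not send from (constructed list).
PUBLIC_WEBMAIL = {"gmail.com", "hotmail.com", "yahoo.com", "outlook.com", "aol.com"}


def sender_domain(from_header: str) -> str:
    """Return the lower-cased domain after the '@' of a From: header.

    Handles the display-name form 'Google <no-reply@google.com>' as well as
    a bare address. Returns '' if no address can be parsed.
    """
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return ""
    return addr.rsplit("@", 1)[1].lower().rstrip(".")


def is_same_org(domain: str, expected: str) -> bool:
    """True only if domain equals the expected domain or is a subdomain of it.

    'accounts.google.com' matches 'google.com'; 'google.com.example' and
    'google.com-verify.example' do not, because the registered domain is
    whatever comes last, not whatever comes first.
    """
    domain, expected = domain.lower(), expected.lower()
    return domain == expected or domain.endswith("." + expected)


def assess_sender(from_header: str, expected_org_domain: str) -> list:
    """Return a list of red flags for the sender address (empty list = none raised)."""
    flags = []
    domain = sender_domain(from_header)
    if not domain:
        return ["no parsable sender address"]
    if domain in PUBLIC_WEBMAIL:
        flags.append(f"sent from public webmail domain {domain}")
    if not is_same_org(domain, expected_org_domain):
        flags.append(f"domain {domain} is not {expected_org_domain}")
        # The trap from tip 1: the organization's name sits *before* the '@',
        # while the part after the '@' belongs to somebody else.
        _, addr = parseaddr(from_header)
        local_part = addr.rsplit("@", 1)[0].lower()
        org_label = expected_org_domain.split(".")[0].lower()
        if org_label in local_part:
            flags.append(f"'{org_label}' appears before the @ but the domain is {domain}")
    return flags


def assess_link(url: str, expected_org_domain: str) -> list:
    """Return a list of red flags for a link the email asks you to click (tip 3)."""
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    flags = []
    if not host:
        return ["link has no host"]
    if not is_same_org(host, expected_org_domain):
        flags.append(f"link points to {host}, not {expected_org_domain}")
    if parsed.scheme != "https":
        flags.append("link is not https")
    return flags


if __name__ == "__main__":
    # Constructed samples: one genuine-looking sender and two look-alikes.
    samples = [
        "Google <no-reply@accounts.google.com>",
        "Google Security <google.security@gmail.com>",
        "The Google Team <alerts@google.com-verify.example>",
    ]
    for header in samples:
        print(header, "->", assess_sender(header, "google.com") or "no flags")
    print(assess_link("http://google.com.password-reset.example/change", "google.com"))
```

Running the script prints no flags for the first sample and lists the mismatches for the two look-alikes; the same `is_same_org` test serves both the sender check and the link check, which is the point of tip 1: judge the address by what follows the @, not by the familiar name in front of it.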

The next time you open an email and are tempted to click a link or attachment, remember John Podesta and ask yourself, “Could I be falling for something bad?” It could save you a lot of problems.

Reghan Winkler is executive director of the Better Business Bureau serving West Central Ohio. The BBB may be found on the Internet at bbb.org/us/oh/lima.