Don’t be the Phish bait this Holiday season – by Ron Benvenisti

2016-12-19_22-23-35 It’s holiday season and the retail season when people are spending tons of money online, looking for sales and deals. Hackers are in a feeding frenzy Phishing. Don’t be the bait.

I’m keeping this article free from technical jargon. Why? Because it doesn’t matter. You don’t need to know the details of how “Phishing” works, only what it can do to create havoc in your life and what you can do to prevent that. Most of you know that “Phishing” is a technique where crooks use e-mail to put programs on your computer that can steal your personal information, either by you entering it into a fake website that you get to by clicking on the message, or worse, completely locking up your computer with “Ransomware”.

Ransomware is particularly insidious and vicious because until you pay the crooks you can’t unlock your computer. Even if you pay, you may not have access to it ever again… except if the Ransomware can be overcome, which is rare. The most famous variation is something called “Cryptolocker” which has ransomed hospitals, businesses, individuals and even police departments.

I’m going to show you exactly what some real Ransomware looks like so you can avoid it at all costs.

The illustrations are of actual emails that will steal your information and/or render your computer useless until you pay up.

The Anonymous Survey Rewards Card


You get an email ostensibly from a vendor you may or may not do business with. Most likely it’s one who you do, either because they’re well known and trustworthy, have stores in your area (hackers know your zip code) or you have shopped there online, or in the store (and left your email address). Hackers get this information easy. It’s the easiest to get.

First of all, NEVER EVER open an email like this or click inside it or one like it. For all practical purposes, you can stop reading right now. Now you know know everything you need to know on a practical basis to protect yourself from Phishing. To summarize: NEVER EVER open an email that you don’t know where it comes from.

Having said that, legitimate emails from your real vendors or banks, etc., will have your FULL name as it appears on the account and the last few digits of your account number. Mostly. Phishing emails generally have some clues that they’re not real, but some of these pictures look really convincing. As I said before, you don’t need to be techno-savvy about this. You can look at the from address on the top and try to see if it actually comes from the vendor, you can look at the physical address at the bottom, you can look for mis-spelling. You can look deeper at something called the “header” which may or may not show you the actual originating address or even look at the HTML program that makes up the email, but it’s not necessary. You already know all you need to know. NEVER EVER open an email that you don’t know where it comes from. But for submitted for your review are the above invitations to get your rewards card just for taking the anonymous survey. Trust me, you won’t be so anonymous once you take it. Nor will your computer or your accounts. This Phish will get you in hot water.

Lets take a look at a legitimate email. Notice the detailed identifying information about my Kohl’s account in the callout box on the upper right. A Phishing email won’t have this. Hackers may have your name but it’s not likely that they would have such detail about your rewards. Notice the name is “Ronald” and not “Ron”. I always use “Ronald” on my accounts because my email address uses “Ron” which is super easy to get your hands on. If the crooks know me as “Ronald” I’ve already been had.

The Real Deal


Here’s a couple more actual Phishing examples:

The Sale

This one offers a super percentage off for a limited time. It looks so real, it’s probably an exact duplicate of a real one. But look at the email address on top that it comes from. It has absolutely nothing to with Nordstrom. If you want to say that its simply a Nordstrom affiliate trying to make money by steering you there. Nordstrom or any other mainstream vendor doesn’t have an “äffiliate” program. The address here is one hundred percent bogus and at the current time is pointed to a server in Croatia, most likey in a hotel room. Hard to believe. No. That’s why you don’t need to know, some of this is unbelievable.



As Seen on CNN, MSNBS, ETC.,

It’s the best deal on a product that allegedly appeared on some TV show or famous media website. It’s generally something that people need and use every day. But there are too many choices and you don’t have time to make the right decision. Click on this and suddenly you’re a genius at shopping. You’re already probably a shopping genius, so pass on these Phish. This mattress may or not be good for sleeping, but why take a chance in putting your computer to sleep, for good. As they say in my old neighborhood in Brooklyn, “sleeping with the fish”.

Be Better Equipped


From flashlights to medications to diet supplements to you name it, you’re bombarded with potentially dangerous SPAM. Here’s one with a dead giveaway. Lousy grammar and just plain stupidity. This backup generator that will make you “better equipped for any event”. Nice, just what I want for a centerpiece at a wedding. I mean it’s an event, correct? The common use phrase is “better equipped for any eventuality”. I guess the copy and paste got truncated. Or maybe the mouse battery ran out of power and died. It reads “Turn it on and generate away”. More like click on it and throw your computer away.


The Free Credit Score

Get your free credit score from “”. Yeah right. Don’t fall for these. You can get your free credit score from your bank. BTW, if you check the brick and mortar addresses on the bottom of these emails, many of them come from Grandville, Michigan, as does this one and some others on this page. Well I have some news for you: Rep. Dave Agema, R-Grandville, Michigan who is pushing an anti- Sharia law (wonder why?) had this to say on his Facebook page in May: “Obama wants Israel to go back to 1967 boundaries ( bad mistake) Obama won’t acknowledge the National Day of Prayer but allows Muslims to par(t)y (sic) on the step of the capitol (very enlightening), now on Egyptian TV he says he’s a Muslim according to some sources. Here he says he’s a Christian. We’re in trouble folks if this is true”.

Do you think Grandville has some religious legal issues? Are you suddenly wondering about who wants your info and money in Grandville, or why? Just sayin’. Your Phishing money is practically guaranteed to fund terrorists. There, I said it.


Catching Phish

While I’m trying not to be technical, I don’t want to conclude without telling you that there are some technical but easily accomplished things that should, and I would say must, be done for the best protection. Don’t get Phished in the first place. While that is probably not 100% possible on any given day, you absolutely should:

  • Keep your computer up to date. Install the latest updates to your applications and operating system.


  • Use the latest versions of reliable and licensed anti-spam, anti-virus, anti-malware programs on all your computers, tablets and phones.


  • This just came out today (12/19/2016). It’s from one of the most respected enterprise security firms in the world, Cybereason. It’s called RansomFree and it can protect Windows PCs and Servers against being encrypted by Ransomware. I urge you to download and install it ASAP from:’s designed and built in EY. Where else?


  • If you have a website domain, make sure that your provider is using an updated anti-virus, anti-spam and anti-malware program on your server.


To illustrate this, I present this screenshot from one of my servers. I temporarily de-activated my protection on one server to catch a few Phish. I caught quite a few and forwarded the “Credit Score” one from above to an email address on one of my other servers where the protection is in force. The server I mailed to immediately caught the Phish as illustrated below.


Use every means necessary to protect yourself. As the Phishing ad above says, “Be prepared for any event”. You get the idea.

I wish all of you, and your loved ones (including your beloved computers) a safe, healthy and joyous holiday.

Ron Benvenisti

This content, and any other content on TLS, may not be republished or reproduced without prior permission from TLS. Copying or reproducing our content is both against the law and against Halacha. To inquire about using our content, including videos or photos, email us at [email protected].

Stay up to date with our news alerts by following us on Twitter, Instagram and Facebook.

**Click here to join over 15,000 receiving our Whatsapp Status updates!**

**Click here to join the official TLS WhatsApp Community!**

Got a news tip? Email us at [email protected], Text 415-857-2667, or WhatsApp 609-661-8668.


  1. How do we tell the difference between real emails from kohls (that I get almost everyday!)and the image of email above that will steal my information?

  2. If you look at the legit one above you will see the correct name and enough real info about your Kohl’s account to safely identify it, as pointed out.

Comments are closed.