Cybersecurity: Email

The Four Questions of Phishing Awareness

As the war in Ukraine continues and midterm election season draws near, it’s the perfect time for cybercriminals to take advantage of our divided attention. They send out seemingly benign emails and messages, hoping we’ll be too distracted to avoid clicking on a malicious link. There’s also the potential for Russia to sow confusion and fear by expanding the conflict into cyberspace through denial-of-service attacks, hacking, and ransomware. With extra vigilance, we can make it a lot harder for scam artists and hackers to succeed.

A good rule of thumb for online security is, if something looks off, it probably is. It may be as simple as noticing a typo or poor grammer (see what I did there?) when reading an email from someone unfamiliar. It gets complicated when the cybercriminal imitates or ‘spoofs’ the account of someone you know and trust or has actually hacked into their account.

When you get a suspicious message or email, take a few extra seconds to determine whether it’s valid. You can avoid falling for the most common deceptive tactics by asking yourself the following questions:

Would my rabbi, distant relative, or boss really ask me for an Apple gift card?
No. It’s a scam, and usually involves some pretext like tending to someone who is severely ill. Check the email address of the sender. If it doesn’t match the email address your contact uses, or their request doesn’t make sense, it’s from a con artist.

Does the sender match the vendor?
You got an urgent email about an unpaid cable bill, and it’s from comcastbilling@gmail .com – why didn’t it come from an email address? Because it’s fake.

Why the wacky website URL?
Cybercriminals do their best to make bogus websites look real. Don’t click links that promise gifts, discounts, or send you to sites that don’t make sense (why is this Amazon offer taking me to www.amazoncompany .ru instead of

Still seems phony? Pick up the phone.
If the sender’s address is correct, but there’s something off about a message from someone you know, don’t reply. Pick up the phone instead to confirm the message is from them. If their email account was hacked, your call may save them a lot of grief.

There is plenty more to learn about cybersecurity, but scanning your inbox with a skeptical eye is a good place to start. For more information on how to protect your information online, and for the latest updates on cybersecurity threats, check out the federal government’s official website, Shields Up.


The Federation’s Community Security Program has trained nearly 600 staff, clergy, and community members around the Bay Area since the hostage-taking in Colleyville, Texas. These ranged from supporting incident response for cases of harassment, vandalism, and communicated threats to forecasting security needs, consulting on building security and delivering training on emergency preparedness and incident management tailored to our partner organizations’ needs. Additionally, by providing security assessments and grant guidance at no cost to organizations, the program has helped over 30 Jewish organizations successfully apply for government security grants in 2018-2021, resulting in grant awards totaling over $5 million.  These trainings are part of the Federation's Community Security Program, made possible through donors to the Annual Campaign. Please consider making your gift today.


April 25, 2022


Rafael Brinner