Catching a Phish

Contributor: Jay Gregorio. Lesson ID: 13227

In order to understand phishing, we need you to complete this lesson as soon as possible. Whoa! Learn the danger behind urgent requests like this and unknown hyperlinks or attachments!

Categories: Communications, Practical Life Skills
Subject: Technology
Learning style: Auditory, Visual
Personality style: Beaver
Grade level: High School (9-12)
Lesson type: Dig Deeper

Lesson Plan - Get It!

You work for the federal government. (Congrats on the new job!)

Due to confidentiality issues, you are only allowed to use your government-issued laptop in the office. While working, you receive this email:

scam email

Seems legitimate, and you are on a secure laptop in a secure building, so the email must also be secure. Better click on that link before time runs out.

  • Do you agree?
  • Would you click on this link?
  • How can you determine if it is safe or not? What are the signs?

Keep reading to learn the hidden dangers in emails like this one and what you can do to protect your identity!

What Is Phishing?

The word phishing is a spin on the word fishing, where someone throws a baited hook into a body of water hoping a fish will bite it.

Phishing refers to any sophisticated online scam that lures its victims into giving personal and private information.

It is a form of cyber-crime where emails, text messages, and phone calls that appear to be from a legitimate source are sent in an attempt to get your passwords, credit card information, and other information that could result in financial loss and identity theft.

If you are reading this lesson, you are active enough online to have an email address. Email is an essential part of communicating in today's world, but it also brings a lot of unwanted notifications, promotions, and the like.

Most of these messages go to your spam folder right away, but some manage to get through to your inbox. Many of these appear to come from a legitimate source, and the messages often contain an urgent request for an immediate response or action from you.

There are a number of phishing techniques that cyber-criminals or scammers use, but they all generally fall into two categories based on their purpose:

Transfer Sensitive Information

Messages sent in an attempt to gain personal information often result in financial loss.

A typical scam email looks like a legitimate one from your personal financial institution. It will include a link that leads to a malicious site that resembles your bank's real site. As soon as you enter your username and password, the criminal is able to see that information.

This allows the scammer to access your account and steal money.

Spreading Malware

Malware is software that causes intentional damage to a computer or network.

Often referred to as a virus, malware is attached to a link or document. The moment you click on or open it, you release the malware into your computer or even your network.

Malware can be programmed to do a lot of different things, from erasing your files, to destroying your hard drive, to simply recording your keystrokes. Software can be created to do basically anything you can imagine.

To learn more, watch What is Phishing? from Phishline Demo.

What Can You Do?

  • How do you know if an email is valid or a phishing scam?

There are specific things you can look at carefully to determine if something is a scam or not. (Keep in mind, phishing can also occur via text message or even a phone call.)

Unidentified Sender

If the message does not include a sender's full name or other legitimate information, it may be a sign of phishing.

Some scams do not ask for anything other than a reply at first. Once the scammer gains your trust, however, you will likely be asked to complete some task that reveals your private information.

Too Good to Be True

Scammers try to hook you by grabbing your attention right away.

  • Did you just win a raffle you never entered?

Yeah, that's a scam. Besides winning prizes or the lottery, lucrative offers for free phones or other expensive items are also too good to be true. Don't fall into the trap.

Hyperlinks and Attachments

Think of hyperlinks and attachments like dogs you have never met. You may want to pet them, but you need to make sure they are safe first.

It is best to assume any hyperlink or attachment sent to you could harm your computer. Some carry viruses, and others redirect you to a fraudulent website.

If you were not expecting the hyperlink or attachment, do not click or open. If it really is important, the sender can always resend.

Tone of Urgency

The key to a good scam is getting you to act before you think.

If a message appears time-sensitive, you are less likely to pay attention to the details. You may need to act right away to secure your winnings or prevent your account from being suspended.

Be leery of urgent-sounding messages like these.
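
The four warning signs above can be turned into a simple first-pass check. The following is an added example, not part of the original lesson: it parses a raw email and reports which signs are present. The keyword lists, the function name `phishing_signs`, and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Keyword lists are assumptions chosen for this illustration, not a vetted ruleset.
URGENCY = re.compile(r"\b(urgent|immediately|right away|as soon as possible|suspended|expires?)\b", re.I)
BAIT = re.compile(r"\b(you (have )?won|winner|lottery|raffle|prize|free (phone|gift))\b", re.I)
LINK = re.compile(r"https?://[^\s\"'<>]+", re.I)

def phishing_signs(raw):
    """Return which of the lesson's four warning signs appear in a raw email."""
    msg = message_from_string(raw)
    signs = []
    name, addr = parseaddr(msg.get("From", ""))
    if not name.strip() or not addr:         # no display name or no address at all
        signs.append("unidentified sender")
    texts, attachments = [msg.get("Subject", "")], []
    for part in msg.walk():
        if part.is_multipart():
            continue
        if part.get_filename():              # any named part counts as an attachment
            attachments.append(part.get_filename())
        elif part.get_content_maintype() == "text":
            body = part.get_payload(decode=True) or b""
            texts.append(body.decode(part.get_content_charset() or "utf-8", "replace"))
    text = "\n".join(texts)
    if BAIT.search(text):
        signs.append("too good to be true")
    if LINK.search(text) or attachments:
        signs.append("hyperlink or attachment")
    if URGENCY.search(text):
        signs.append("tone of urgency")
    return signs

# Constructed sample messages (not real mail).
SAMPLE_PHISH = """\
From: it-helpdesk@agency-secure.example
Subject: URGENT: account will be suspended

Your password expires today. Confirm it right away at
http://agency-secure.example/login or lose access.
"""
SAMPLE_OK = """\
From: Maria Lopez <maria.lopez@agency.example>
Subject: Notes from Tuesday

Thanks for joining. I will send next week's agenda on Friday.
"""
```

A result with several signs means the message deserves a closer look; an empty result does not prove a message is safe, because a careful scammer can avoid every keyword on the list.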

Okay, so you are fairly certain you just received a phishing email.

  • What can you do?

Don't click on any links. Don't open any attachments. Don't reply. Just delete it. Simple as that.

If you really want to do so, you may forward the email to [email protected] or [email protected] or report it to the Federal Trade Commission.

For more tips and information, feel free to check out these resources:

These resources include a number of ways to help protect yourself like redirecting spam emails and enabling security features; however, the best and easiest strategy is to always stop and think twice before clicking or opening anything.

Review all that you have learned in the Got It? section when you are ready!
