Computer Science Grade 9 20 min

Phishing Awareness: Identifying and Avoiding Phishing Scams

Learn how to identify and avoid phishing scams through email, social media, and other channels.

Tutorial Preview

1

Introduction & Learning Objectives

Learning Objectives Define phishing, spear phishing, and smishing. Identify at least five common red flags in a suspicious email or message. Analyze a hyperlink to determine if it is potentially malicious. Explain the concept of social engineering and its role in phishing attacks. Apply a systematic checklist to evaluate the legitimacy of a digital communication. Describe the appropriate actions to take when a phishing attempt is identified. You just received an email saying you won a brand new gaming console! 🎮 All you have to do is click a link and enter your login details to claim it. What do you do? This lesson will teach you how to spot fake messages designed to steal your information, a trick called 'phishing'. You'll learn the common signs of a scam a...
2

Key Concepts & Vocabulary

TermDefinitionExample PhishingA type of cyber attack where scammers use deceptive emails, texts, or websites to trick individuals into revealing sensitive personal information, such as usernames, passwords, and credit card details.An email that looks like it's from Netflix asks you to 'update your payment details' by clicking a link, but the link leads to a fake website that steals your information. Social EngineeringThe psychological manipulation of people into performing actions or divulging confidential information. Phishing is a form of social engineering.Creating a sense of urgency by saying 'Your account will be suspended in 24 hours unless you act now!' to make you panic and click without thinking. Spear PhishingA more targeted form of phishing where the at...
3

Core Syntax & Patterns

The S.L.A.M. Method Sender, Links, Attachments, Message. Systematically check these four components of any suspicious communication. Use this as a mental checklist whenever you receive an unexpected or urgent message. It forces you to slow down and analyze the message for red flags instead of reacting emotionally. Hover-to-Discover Rule IF (link_text != actual_destination_URL) THEN flag_as_suspicious Before clicking any link in an email, always hover your mouse cursor over it. The actual web address the link will take you to will appear in the bottom corner of your browser or email client. If this destination URL doesn't match the link text or looks suspicious, do not click it. The Urgency Check IF (message_creates_urgency OR message_creates_fear) THEN verify_inde...

4 more steps in this tutorial

Sign up free to access the complete tutorial with worked examples and practice.

Sign Up Free to Continue

Sample Practice Questions

Challenging
You receive a smishing text. Which of the following actions best applies the principle of the 'Hover-to-Discover Rule' on a mobile device where you cannot hover?
A.Tap the link quickly to see the page preview.
B.Copy the link text without opening it, and paste it into a note app to examine the URL structure.
C.Forward the text to a friend to ask if the link looks safe.
D.Reply 'STOP' to the message to unsubscribe from the alerts.
Challenging
A scammer sends an email appearing to be from a shipping company about a 'failed delivery'. The email includes a tracking number and a link to 'reschedule'. The link goes to a site that looks identical to the real one but has a slightly misspelled URL. This attack synthesizes which three key concepts from the tutorial?
A.Smishing, 2FA, and S.L.A.M.
B.Social Engineering, URL Spoofing, and the Urgency Check.
C.Spear Phishing, Attachments, and HTTPS.
D.Display Name Spoofing, Smishing, and 2FA.
Challenging
A scammer registers the domain 'go0gle.com' and gets an SSL certificate for it. Why does this tactic effectively exploit a common user misunderstanding about the 'https' padlock?
A.It proves the website is officially owned and operated by Google.
B.It tricks the user's antivirus software into trusting the site.
C.It leverages the user's correct trust in encryption while distracting them from the incorrect domain name.
D.It makes the website load faster, giving the user less time to notice the fake URL.

Want to practice and check your answers?

Sign up to access all questions with instant feedback, explanations, and progress tracking.

Start Practicing Free

More from Cybersecurity Essentials: Protecting Your Digital World

Introduction to Cybersecurity: Threats and Vulnerabilities Password Security: Creating Strong and Unique Passwords Malware Prevention: Protecting Your Devices from Viruses and Spyware Safe Browsing Practices: Protecting Your Privacy Online Social Engineering: Understanding Psychological Manipulation

Ready to find your learning gaps?

Take a free diagnostic test and get a personalized learning plan in minutes.

Free Diagnostic Test Sign Up Free