Computer Science Grade 9 20 min

Phishing Scams: Recognizing and Avoiding Fake Emails

Learn how to identify phishing scams and avoid clicking on suspicious links.

Tutorial Preview

1

Introduction & Learning Objectives

Learning Objectives Define the term 'phishing' and explain its purpose. Identify at least five common red flags in a phishing email. Analyze an email's sender address and link URLs to spot inconsistencies. Explain the potential consequences of clicking a phishing link or opening a malicious attachment. Describe three safe actions to take when a suspicious email is received. Differentiate between a legitimate domain and a spoofed subdomain in a URL. Apply a systematic checklist to evaluate the authenticity of a suspicious email. You just got an email saying your favorite gaming account will be deleted in 24 hours unless you log in NOW! 😱 Is it real or a trap? This lesson will teach you how to become a digital detective, spotting the clues that reveal a fake...
2

Key Concepts & Vocabulary

TermDefinitionExample PhishingA type of cyber attack where criminals send fraudulent emails pretending to be from a reputable company to trick you into revealing personal information, such as passwords or credit card numbers.An email that looks like it's from Netflix asks you to 'update your payment details' by clicking a link, but the link leads to a fake website designed to steal your login and credit card info. Email SpoofingThe act of faking the sender's email address to make it look like the email came from someone you know or trust, like a friend, your school, or a company.An email's display name says 'PayPal Support', but the actual email address is 'support@pay-pal-security-info.com' instead of an official PayPal address. Malicious URLA...
3

Core Syntax & Patterns

The Hover-to-Reveal Rule Always hover your mouse cursor over any link or button before clicking it. Use this rule to preview the actual destination URL, which is often displayed in the bottom-left corner of your browser or email client. If the previewed URL looks different from the link text or seems suspicious, do not click it. The Sender Scrutiny Pattern Examine the full sender email address, not just the display name. Scammers can easily fake the display name (e.g., 'Your Bank'). Click on the sender's name to reveal the full email address. Check if the domain name (the part after the '@' symbol) exactly matches the official domain of the company. The Urgency & Emotion Heuristic Be highly suspicious of any email that creates a strong sens...

4 more steps in this tutorial

Sign up free to access the complete tutorial with worked examples and practice.

Sign Up Free to Continue

Sample Practice Questions

Challenging
An attacker sends an email spoofed to look like it's from the IT department. The link for a 'mandatory password update' is 'http://company.com.security-update.net'. To avoid this scam, an employee must synthesize their understanding of which two key concepts from the tutorial?
A.Social Engineering and Malicious Attachments.
B.Email Spoofing and differentiating between a domain and a spoofed subdomain.
C.The Hover-to-Reveal Rule and the Urgency & Emotion Heuristic.
D.Domain Name and the consequences of clicking a link.
Challenging
Imagine a very well-crafted phishing email: the sender's domain is correct (e.g., a compromised account), there are no spelling errors, and the branding is perfect. However, it demands you log in via a link within 30 minutes to claim a tax refund. Which tutorial principle is the most powerful and reliable defense against this specific scam?
A.The Sender Scrutiny Pattern, because the sender is the most important clue.
B.Checking for spelling errors, as there is always at least one mistake.
C.The Urgency & Emotion Heuristic, because the high-pressure tactic is a universal red flag, regardless of other details.
D.The Hover-to-Reveal Rule, because the link text will always be different from the URL.
Challenging
Considering the common pitfalls and potential consequences, which of the following user actions represents the most significant security failure, likely leading to the most immediate and severe damage (like a ransomware infection)?
A.Replying to a phishing email to ask for more information.
B.Clicking a phishing link and entering a username and password on a fake site.
C.Trusting the display name but not clicking any links or opening attachments.
D.Downloading and running an unexpected executable (.exe) file from an email attachment.

Want to practice and check your answers?

Sign up to access all questions with instant feedback, explanations, and progress tracking.

Start Practicing Free

More from Digital Defenders: Privacy and Security Basics

What is Privacy? Protecting Your Personal Information Personal Information: What Should You Keep Private? Creating Strong Passwords: Keeping Your Accounts Safe Sharing Information Online: Think Before You Post Online Safety Tips: Staying Safe While Browsing the Web

Ready to find your learning gaps?

Take a free diagnostic test and get a personalized learning plan in minutes.

Free Diagnostic Test Sign Up Free