girl

Protection de la vie privée

Don’t Fall for Fake

Don’t bite that phishing hook!

Children play a game where they study various emails and texts and try to decide which messages are legit and which are phishing scams.

Goals

Learn techniques people use to steal identities.

Review ways to prevent identity theft.

Know to talk to a trusted adult if they think theyʼre a victim of identity theft.

Recognize the signs of phishing attempts.

Be careful about how and with whom they share personal info.

Let's talk

What is this phishing thing, anyway?

Phishing is when someone tries to steal information like your login or account details by pretending to be someone you trust in an email, text, or other online communication. Phishing emails – and the unsafe sites they try to send you to or the attachments they try to get you to open – can also put viruses on your computer. Some viruses use your contacts list to target your friends and family with the same, or a more personalized, phishing attack. Other types of scams might try to trick you into downloading malware or unwanted software by telling you that thereʼs something wrong with your device. Remember: A website or ad canʼt tell if thereʼs anything wrong with your machine!

Some phishing attacks are obviously fake. Others can be sneaky and really convincing – like when a scammer sends you a message that includes some of your personal information. Thatʼs called spearphishing, and it can be very difficult to spot because using your info can make it seem like they know you.

Before you click on a link or enter your password in a site you haven’t been to before, itʼs a good idea to ask yourself some questions about that email or webpage. Here are some questions you could ask:

  • Does it look professional like other websites you know and trust, with the product’s or company’s usual logo and with text that is free of spelling errors?
  • Does the siteʼs URL match the product’s or company’s name and information youʼre looking for? Are there misspellings?
  • Are there any spammy pop-ups?
  • Does the URL start with https://with a little green padlock to the left of it?  (That means the connection is secure.)
  • Whatʼs in the fine print? (Thatʼs often where they put sneaky stuff.)
  • Is the email or site offering something that sounds too good to be true, like  a chance to make a lot of money? (It’s almost always too good to be true.)
  • Does the message sound just a little bit weird? Like they might know you, but you’re not completely sure?

And what if you do fall for a scam? Start with this: Donʼt panic!

  • Tell your parent, teacher, or other trusted adult right away. The longer you wait,  the worse things could get.
  • Change your passwords for online accounts.
  • If you do get tricked by a scam, let your friends and people in your contacts  know right away, because they could be targeted next.
  • Use settings to report the message as spam, if possible.

Activity

Answers
Answers to “Phishing examples” worksheet:
  • Real. The email asks the user to go to the company’s website and sign into their account on their own, rather than providing a link in the email or asking them to email their password (links can send users to malicious websites).
  • Fake. Suspicious and not secure URL
  • Real. Note the https:// in the URL
  • Fake. Suspicious offer in exchange for bank details
  • Fake. Not secure and suspicious URL
You’ll need:
  • Handout: “Phishing examples” worksheet

Study examples

Let’s make your children study these examples of messages and websites.

Indicate choices

Select “Real’ or “Fake” for each example, and say why below.

Discuss choices

Which examples appeared trustworthy and which seemed suspicious? Did any of the answers surprise you?

Further discussion

Here are some more questions to ask yourself when assessing messages and sites you find online:

Does this message look right?

What’s your first impression? Do any aspects strike you as being untrustworthy?

Is the email offering you something for free?

Free offers usually aren’t really free (even if there are).

Is the message asking for your personal information?

Some websites ask for personal info so they can send you more scams. For example, a “personality test” in which you disclose personal information that can be used to make it easy to guess your password or other secret information. Most genuine businesses will never ask for personal information by email.

Is it a chain email or post on social media?

Emails and posts that ask you to forward it to everyone you know can put you and others at risk. Don’t do it unless you’re sure of the source and sure the message is safe to pass on.

Read the fine print

At the bottom of most documents you’ll find the fine print. This text is tiny, and often contains the stuff they want you to miss. For example, a headline at the top might say you’ve won a free phone, but in the fine print you’ll read that you actually have to pay that company $200 per month.

Note: For the purposes of this exercise, assume that ‘Internaut Mail’ is a real, trusted service.”

Worksheet

Phishing examples

1. Is this real or fake?

real fake

2. Is this real or fake?

real fake

3. Is this real or fake?

real fake

4. Is this real or fake?

real fake

5. Is this real or fake?

real fake

Takeaway

When you’re online, always be on the lookout for phishing attacks in emails, texts, and posted messages—and make sure you tell the right people about it if you do get fooled.

Vocabulary 

Bot

Also called a “chatbot” or “virtual assistant,” this is a piece of software that operates online or on a network to automatically answer questions, follow commands (like giving directions to your new friend’s house), or do simple tasks (like play a song).

Phishing

An attempt to scam you or trick you into sharing login information or other personal information online. Phishing is usually done through email, ads, or sites that look similar to ones you’re already used to.

Spearphishing

A phishing scam where an attacker targets you more precisely by using pieces of your own personal information.

Scam

A dishonest attempt to make money or gain something else of value by tricking people.

Trustworthy

Able to be relied on to do what is right or what is needed.

Authentic

Real, genuine, true, or accurate; not fake or copied.

Verifiable

Something that can be proven or shown to be true or correct.

Deceptive

False; an action or message designed to fool, trick, or mislead someone.

Manipulation

Someone controlling or influencing another person or situation unfairly, dishonestly, or under threat. Alternatively, things you find online may be manipulated, such as a photo that has been edited to make you believe something that isn’t true.

Fraudulent

Tricking someone in order to get something valuable from them.

Firewall

A program that shields your computer from most scams and tricks.

Malicious

Words or actions intended to be cruel or hurtful. Can also refer to harmful software intended to do damage to a person’s device, account, or personal information.

Catfishing

Creating a fake identity or account on a social networking service to trick people into sharing their personal information or into believing they’re talking to a real person behind a legitimate account, profile, or page.

Clickbait

Manipulative online content, posts, or ads designed to capture people’s attention and get them to click on a link or webpage, often to grow views or site traffic in order to make money.