Ella’s Fishing Trip - About Phishing and Scam Emails

“Look, Mom! I won a new gaming console!” shouted Ella excitedly from the kitchen table, where she was sitting with her mother’s tablet.

Ella’s mother looked up from the dishes with a furrowed brow. “Won? How?”

“An email came! Look here!” Ella waved eagerly with the tablet. “It says I’ve won the grand prize in a competition, and all I need to do is click on the link and fill in my details to get my prize!”

Ella’s mother quickly dried her hands on the dish towel and went over to the table. She examined the email over Ella’s shoulder and frowned deeper.

“Have you participated in any competition recently, sweetie?” she asked.

Ella thought about it. “Hmm… no, I haven’t actually.”

“And look here,” her mother continued, pointing at the sender address. “It looks strange, doesn’t it? SuperGames247@mail365win.net. Besides, there are several spelling errors in the email.”

“So… it’s not real?” asked Ella, disappointed.

“No, honey. This is what’s called phishing or a scam email. It’s like… well, like a fisherman trying to trick fish into biting a hook by using bait.”

Ella looked confused. “But I’m not a fish!”

Her mother laughed. “No, but the principle is the same. The scammers are ‘fishing’ for people by offering something enticing – like a free gaming console – hoping that someone will ‘bite’ and give out their personal information.”

“Like when we talked about ransomware at school? Is it internet villains again?”

“Exactly! This is another method they use. I think we should show this to Teacher Lisa tomorrow. It might be a good topic for the class to learn about.”

The next day, Ella proudly showed the scam email to Teacher Lisa, who was very interested.

“This is perfect, Ella!” exclaimed Teacher Lisa. “I was actually planning to talk about phishing and scam messages. And now you’ve given us a real example to look at!”

During the afternoon lesson, Teacher Lisa gathered the children around the big screen where she displayed the scam email that Ella had received.

“Today we’re going to talk about something important called phishing,” she began. “It’s pronounced the same as ‘fishing’, but spelled with ‘ph’. Can anyone guess why it’s called that?”

“Because they’re fishing for people!” shouted Ella proudly, eager to show her new knowledge.

“Exactly! Phishing is when someone tries to trick you into giving out personal information by pretending to be someone you trust, or by offering something that seems too good to be true.”

Teacher Lisa pointed to different parts of the scam email on the screen.

“When you receive a message like this, it’s important to be a real detective and look for clues that reveal it’s a scam. Can anyone see anything suspicious in this email?”

The children studied the email carefully.

“There are spelling errors!” pointed out Li. “‘Congratulations, you have won’ is spelled ‘Congratis, you have vunnti’.”

“Great observation!” said Teacher Lisa. “Legitimate companies almost never have such obvious spelling errors in their messages. What else?”

“Why would I win something if I didn’t even enter a competition?” asked Johan.

“Excellent point, Johan! If something sounds too good to be true, it probably is. You don’t win competitions you haven’t entered.”

“And look at the address,” said Sofia. “My dad says you should always check the sender, and this one looks weird.”

“Really good!” praised Teacher Lisa. “Sofia is absolutely right. One of the most important things to check is the sender’s email address. Legitimate companies usually have email addresses that end with the company’s name, like info@real-company.com, not strange addresses like this one.”

Teacher Lisa then pulled up several different examples of phishing attempts on the screen – emails claiming to be from banks, social media, or popular games.

“Phishing comes in many forms,” she explained. “Sometimes they say your account will be closed if you don’t click a link and update your details. Sometimes they say they’ve detected something suspicious and you need to confirm your identity. Sometimes they offer amazing prizes or discounts.”

“But how do you know what’s real and what’s a scam?” asked Li worriedly.

“That’s a really good question! I thought we’d make a list together of warning signs to watch out for.”

Teacher Lisa took out a large piece of paper and began writing as the children made suggestions.

WARNING SIGNS FOR PHISHING:

1. Offers that seem too good to be true
2. Urgent messages saying you must act immediately
3. Requests for personal information, passwords, or credit card numbers via email
4. Strange sender addresses
5. Spelling and grammar errors
6. Impersonal greetings (“Dear Customer” instead of your name)
7. Mysterious links or attachments
8. Threatening messages (“Your account will be closed”)

“This is great!” said Teacher Lisa after the list was complete. “But the most important thing of all is to talk to an adult if you’re unsure. It’s always better to be cautious and ask, than to click on something that might be dangerous.”

Teacher Lisa looked seriously at the children. “So what should you do if you get a suspicious message?”

“Don’t click on it!” the children shouted in unison.

“Exactly! Never click on links in suspicious messages. If, for example, it seems to come from your bank, open your browser instead and go to the bank’s website the way you usually do it. And if you’re unsure, show the message to an adult you trust.”

Johan raised his hand. “My dad said you can hover your mouse over a link to see where it really leads, without clicking on it.”

“That’s right, Johan! That’s a good detective trick,” said Teacher Lisa. “Think of phishing as if someone is trying to trick you into going through a fake door. By looking at the link without clicking, you can see where the door actually leads.”

After going through the warning signs, Teacher Lisa suggested a role-play. She divided the class into small groups and gave each group a scenario to act out.

“You’ll act out different situations where someone is trying to phish for information. One person plays the one trying to trick, one plays the person almost being tricked, and one plays the ‘IT security hero’ who comes to the rescue. Be creative!”

Ella’s group created a scene where a “scammer” (played by Johan) pretended to be from Minecraft and said Ella’s account would be closed if she didn’t give him her password. Ella played herself and showed how she at first became worried, but then noticed the warning signs. Li played the IT security hero who helped Ella identify the scam.

When all groups were done with their role-plays, Teacher Lisa gathered the children again.

“You were all fantastic IT security heroes today! But do you know what? Phishing doesn’t just affect children. Adults get tricked too. A study showed that almost half of all adults have clicked on a phishing link at some point!”

“My grandma clicked on such a link once,” said Sofia. “She thought she had won the lottery, but it was a scam and she got strange programs on her computer afterward.”

“That’s unfortunately common,” said Teacher Lisa. “That’s why it’s so important that we all learn to be careful and attentive. You can even teach your parents and grandparents about phishing!”

At the end of the school day, Teacher Lisa handed out a “Phishing Detective Diploma” to each child, with the text: “Certified Phishing Detective: Has shown excellent abilities in identifying and avoiding online scams.”

On the way home, Ella proudly told her mother about the day’s lesson.

“Now I know exactly how to spot phishing, Mom! I even have my detective diploma. It’s like having a superhero power – I can see through the villains’ tricks!”

“That sounds like a really useful superhero power,” said her mother. “You know, I actually got a strange email at work today claiming to be from the IT department. Thanks to what you told me yesterday, I was extra attentive and discovered it was phishing.”

“So I saved you from the internet villains?” asked Ella eagerly.

“You really did,” smiled her mother. “My daughter, the superhero.”

That night before she fell asleep, Ella looked at her phishing detective diploma that she had put up on the wall next to her bed. She felt proud that she could help protect not only herself, but also her family from the internet villains. Each new IT security lesson was like a new superhero power to add to her growing arsenal.

“Phishing might sound like fishing,” she whispered to herself, “but I’m no fish that’s easily caught on the hook. I’m a smart detective who can see through tricks!”