Spot the Fake Website
PHISHING websites are fake sites designed to look exactly like real ones — your bank, your school, a popular shopping site. Their goal: trick you into typing your username and password so they can steal them. Phishing is one of the most common ways accounts get hacked.
Five things to check before logging in. (1) URL: hover over links before clicking. Real bank: yourbank.com. Fake: yourbank.malicious-site.com. (2) HTTPS: legitimate sites usually start with "https://" and show a lock icon. Missing? Suspicious. (3) SPELLING: phishing sites often have small spelling errors. (4) URGENCY: "Act now or your account will be locked!" is a manipulation tactic. (5) UNEXPECTED EMAILS: if you didn't request a password reset, don't click the link.
You get an email saying "Your bank account is locked! Click HERE to fix it" with a link to "yourbank.security-update.net." What should you do?
When in doubt, DON'T click. Type the official URL yourself, or use a bookmark you saved earlier. Banks, Google, Apple, and other big companies will NEVER ask you for your password via email. If you're unsure, call the company directly using a phone number from their official website (not the email).
URL Check
Find three URLs (in emails, ads, or search results). For each, ask: is the domain spelled correctly? Does it use HTTPS? Does the URL match where I expect to go? Practice this daily until it becomes automatic.
Phishing is one of the easiest scams to avoid — once you know the warning signs. The few seconds you spend checking can save you hours (or thousands of dollars) of cleanup.
Want to keep learning?
Sign up for free to access the full curriculum — all subjects, all ages.
Start Learning Free