013. phishing tales: spotting the fake in your inbox (ks3)

Don't let scammers reel you in! Learn to spot phishing emails, protect your personal data, and become the ultimate digital detective.

Have you ever received a message claiming you have won a prize, but something felt slightly off? Hackers often use trickery, rather than complex code, to steal your information. This is called phishing. In this lesson, we will become digital detectives, learning how to spot the hidden clues in fake emails and messages to keep your data safe.

Phishing Tales: Hook, Line, and Sinker

The Bait in Your Inbox

Imagine you are checking your messages, and you see an urgent email from your favourite gaming store. It says your account has been hacked and you need to click a link immediately to reset your password. Panic sets in! But wait—are you sure it's really from them? Welcome to the world of phishing.

Phishing is a type of cyberattack where criminals pretend to be a trusted person or company to trick you into handing over sensitive information, like your passwords, bank details, or home address. They use a technique called social engineering, which means they try to manipulate your emotions—usually fear, curiosity, or greed—so you act quickly without thinking.

Spotting the Red Flags

As a Digital Protector, your job is to spot the fake before it causes harm. Phishing emails often have subtle clues. Look closely at the sender's email address. It might look almost right, but with a spelling mistake, like support@paypa1.com instead of PayPal.

Another massive red flag is a sense of urgency. Scammers want you to panic. They might threaten to delete your account or offer a prize that expires in five minutes. Furthermore, they usually use generic greetings like "Dear Customer" instead of your actual name, because they are sending the same scam to thousands of people at once.

Protecting Your Data

Never click on suspicious links or download unexpected attachments, as these can install malware on your device. If you are unsure, go directly to the official website by typing the address into your browser instead of using the provided link. Remember, a real bank or service will never ask for your password via email. Stay vigilant and don't let the scammers reel you in!

Comprehension Questions

Make sure you have read the passage carefully. Grab yourself a piece of lined paper and put your name, class and date at the top. Attempt the questions following questions making sure to answer in full sentences.

Knowledge, recall, identification

What is the definition of phishing?

Name two emotions that cybercriminals try to manipulate using social engineering.

What might a fake sender's email address look like?

Analysis & Interpretation

Explain why scammers often use generic greetings like "Dear Customer" in their messages.

Why do phishing emails often create a sense of urgency or panic?

How does checking the sender's address help you identify a cyberattack?

Synthesis & Creation

Imagine you receive a suspicious text message claiming you have won a new smartphone. Write down three steps you would take to check if it is safe.

Create a short checklist of "Red Flags" that your classmates could use to spot a phishing email.

If you accidentally clicked a bad link, what actions should you immediately take to protect your data?

Evaluation & Justification

To what extent is it the user's responsibility to spot phishing scams, rather than the email provider's job to block them?

"Social engineering is a more dangerous threat than malware." Evaluate this statement using examples from the text.

Justify why going directly to an official website through your web browser is much safer than clicking a link provided in an email.

Plugged Task: The Phishing Defence Guide

The Scenario
The school network administrator has noticed an increase in suspicious emails targeting student accounts. They need your help! You must create a one-page digital warning guide to be displayed on the school intranet, educating your classmates on how to spot the red flags of a phishing email before they take the bait.

The Persona
You are working as The Digital Protector. Your mindset is focused on digital security and safety. You understand that the best defence against cybercriminals is an educated user, and your mission is to protect your community's data by teaching them what to look out for.

Prepare your digital canvas

Get your software ready to create your one-page digital artefact.

Open your preferred word processing or desktop publishing software.

Create a new blank document.

Immediately save the file as "Phishing_Defence_YourName".

Gather your threat intelligence

Investigate what these scams actually look like in the real world.

Click this link to safely view images of real scams: Search for phishing email examples

Study at least three different images.

On your blank document, type out three common tricks you notice (for example, bad spelling or urgent threats).

Consult the AI Security Expert

Scammers often hide dangerous websites behind innocent-looking links. Let's ask our AI expert how to spot them.

Click the prompt below to generate advice on checking links.

Read the response and add the best tips to your defence guide.

Act as a cybersecurity expert. Explain how to spot a fake URL in an email. Limit your response to 50 words maximum. Your audience is a 12-year-old student, so keep it simple and informative. Use bullet points. NO intro, NO outro, NO deviation from the topic, NO follow-up questions.

Construct your final guide

Bring all your research together into a clear, helpful one-page document.

Add a large, clear title at the top of your page.

Use the Bullets tool to create a "Red Flags Checklist" using the tricks you found earlier.

Include the AI's advice on how to check fake URLs safely.

Write a short final sentence explaining what a student should do if they accidentally click a bad link.

Outcome

I have created a one-page digital document.

I have included a clear title and a checklist of phishing red flags.

I have explained how to spot a fake URL based on AI research.

I have provided actionable advice on what to do if a bad link is clicked.

Unplugged Task: Anatomy of a Phish

Step away from the screen and grab some paper! As The Digital Protector, your next mission is to create a visual breakdown of a cyberattack to warn your friends and family.

Grab a large sheet of plain paper and some coloured pens or pencils.

Draw a large outline of a smartphone or a computer monitor in the centre of your page.

Inside the screen, sketch out a realistic-looking phishing message. Be creative with your scam! It could be a fake alert from a popular gaming platform, a streaming service, or a missed parcel delivery text.

Make sure to deliberately include at least three classic "Red Flags" in your message.

Around the outside of your drawn screen, draw bright arrows pointing to the hidden traps you included (such as spelling mistakes, a suspicious sender address, or an urgent threat).

At the end of each arrow, write a brief explanation of why this is a trick and what the reader should do instead of clicking the link.

Last modified: April 13th, 2026