Spot the Phish Worksheet

Instructions

Read each scenario below. For each:

1. Label it Legitimate or Phishing.
2. Identify at least two warning signs or clues that helped you decide.

Scenario 1

Email from security@online-bank.com
Subject: Your Account Has Been Compromised!
Body: “Dear Customer, we detected suspicious activity on your account. Please verify your information immediately by clicking the link below:
http://online-bank.verify-account.info”

1. Label: _______________________________
   
   
   
2. Clues (list at least two):
   
   
   
   
   
   

Scenario 2

Text message from your friend Jamie
“Hey! Are you coming to soccer practice at 4:00 PM? Let me know!”

1. Label: _______________________________
   
   
   
2. Clues (list at least two):
   
   
   
   
   
   

Scenario 3

Direct message on social media from Admin
“Congratulations! You’ve won a free gift card. Claim it now at bit.ly/free-gift”

1. Label: _______________________________
   
   
   
2. Clues (list at least two):
   
   
   
   
   
   

Scenario 4

Email from your science teacher
Subject: Science Project Reminder
Body: “Don’t forget: your science fair project is due next Monday. See the attached rubric for requirements.”

1. Label: _______________________________
   
   
   
2. Clues (list at least two):
   
   
   
   
   
   

Answer Key for Spot the Phish Worksheet

Use this answer key to check correctness and understand the reasoning behind each label. Encourage students to look for the same warning signs and thought process.

Scenario 1

Email from security@online-bank.com
Subject: Your Account Has Been Compromised!
Body: “Dear Customer, we detected suspicious activity on your account. Please verify your information immediately by clicking the link below:
http://online-bank.verify-account.info”

Correct Label: Phishing

Reasoning & Clues

1. Sender address mismatch
   • Real banks use their official domain (e.g., bank.com), not “online-bank.com” or “verify-account.info.”
2. Suspicious URL structure
   • The link uses a different domain (verify-account.info) rather than the bank’s secure site.
3. Urgent, fear-inducing language
   • “Account has been compromised” and “verify immediately” pressure you to click without thinking.
4. Generic greeting
   • “Dear Customer” instead of your actual name is a common phishing tactic.

Thought Process:
Bank emails should come from a familiar domain, use your name, and direct you to a secure, recognizable URL (often with “https” and a lock icon). Anything that seems mismatched or overly urgent is a red flag.

Scenario 2

Text message from your friend Jamie
“Hey! Are you coming to soccer practice at 4:00 PM? Let me know!”

Correct Label: Legitimate

Reasoning & Clues

1. Recognizable sender
   • It’s from your friend Jamie—a known contact.
2. Contextual message
   • The content matches your usual conversations (soccer practice).
3. No links, attachments, or urgent requests for personal info
   • Just a simple question about plans.

Thought Process:
Safe messages often come from people you know, use normal language, and don’t ask for passwords or offer deals. If it feels familiar and harmless, it’s likely legitimate.

Scenario 3

Direct message on social media from Admin
“Congratulations! You’ve won a free gift card. Claim it now at bit.ly/free-gift”

Correct Label: Phishing

Reasoning & Clues

1. Unknown or generic sender
   • “Admin” isn’t a real person or account you follow.
2. Too good to be true
   • Free gift cards are a common lure.
3. URL shortener
   • bit.ly links hide the true destination and can lead to malicious sites.
4. No personalization or context
   • You didn’t enter a contest, so the offer is suspicious.

Thought Process:
Be wary of unexpected prizes or offers—especially when the sender is vague and uses hidden links. Always verify by visiting official pages, not via shortened URLs.

Scenario 4

Email from your science teacher
Subject: Science Project Reminder
Body: “Don’t forget: your science fair project is due next Monday. See the attached rubric for requirements.”

Correct Label: Legitimate

Reasoning & Clues

1. Recognizable sender and subject
   • Comes from your known teacher with a clear, relevant subject.
2. Appropriate content and tone
   • Reminder about a class assignment—no urgency beyond a normal deadline.
3. No suspicious links or requests for private info
   • Just an attachment for class work.

Thought Process:
Legitimate school emails: come from a teacher’s official address, contain relevant class information, and don’t ask for extra personal details.

Key Warning Signs to Remember

• Mismatched or unfamiliar sender addresses
• Spelling/grammar errors and generic greetings
• Urgent language or fear tactics
• Suspicious or hidden links (look for “https” and hover before clicking)
• Unexpected requests for personal/financial info

Use these clues every time you evaluate a message. Spotting phishing keeps your data—and you—safe online!

Warm-Up Prompt: Odd Emails?

Have you ever received an odd email or message? Think about one that made you pause and wonder if it was safe.

1. Describe the message you received (Who was it from? What did it say?).
2. Identify the clue or detail that seemed suspicious.
3. Explain how you reacted or what you did next.

Write your response below:

Exit Ticket

1. Write one phishing warning sign you learned:
   
   
   
   
2. Write one safe online practice you’ll use:
   
   
   
   

Turn in your ticket before you go!