Phishing Awareness

Explore & Discover

Phishing is when someone pretends to be a trusted person or company to trick you into giving up your password, credit card number, or personal info. It happens over email, text, social media, and even phone calls. Head to google.com/phishingquiz and take Google's free Phishing Quiz — it shows you real examples of phishing and legitimate emails side by side. Notice how convincing some fake emails look. The Anti-Phishing Working Group at apwg.org tracks phishing attacks worldwide and publishes free reports. Scammers regularly target people in Utah through fake Deseret News alerts and phony utility company emails. You're ready for the next step when you can describe three specific signs that an email might be a phishing attempt.

Learn the Basics

Learn how phishing attacks are actually built so you can recognize the tricks. Phishers use three main weapons: urgency ("Your account will be deleted in 24 hours!"), authority (pretending to be Google, the IRS, or your school), and fear (threatening consequences if you don't act). Study the CISA phishing guide at cisa.gov/phishing for official breakdowns of each type. Then look up "spear phishing" — attacks targeted at specific people using personal information — and "smishing," which is phishing over text message. Read a few real phishing email examples at phishtank.org, where people report fake sites. You're ready for the next step when you can identify urgency, authority, and fear tactics in three different example phishing messages.

Build Your First Project

Build your own phishing awareness training material. Go through your own email inbox (with a parent if needed) and flag five emails that show at least one suspicious sign — check the sender address carefully, hover over any links without clicking them, and look for spelling errors or mismatched logos. Create a simple checklist of "questions to ask before you click any link" — aim for at least six questions. Use Google Docs, a notebook, or Canva to make it look clean. Base your checklist on the guidance at staysafeonline.org, the National Cybersecurity Alliance's free resource site. You're ready for the next step when you have a written checklist and have applied it to at least five real emails.

Experiment & Iterate

Test your skills against increasingly tricky examples. Play "Phishing Derby" — a free browser game at phishingderby.com — or work through the OpenDNS phishing quiz at umbrella.cisco.com. Then research URL manipulation tricks: homograph attacks (using look-alike characters like "rn" instead of "m"), subdomain tricks (evil.google.com is NOT Google), and URL shorteners that hide the real destination. Paste suspicious URLs into virustotal.com — a free tool used by security professionals — to analyze them without visiting them. You're ready for the next step when you can correctly explain two URL manipulation tricks and demonstrate using VirusTotal to check a link.

Advanced Techniques

Go deep on reporting and incident response — what to do when someone in your family actually gets phished. Learn how to report phishing emails to Google (the "Report Phishing" button), forward SMS phishing to 7726 (SPAM), and report fraud at reportfraud.ftc.gov. Study a real phishing case study from the Verizon Data Breach Investigations Report (free at verizon.com/business/resources/reports/dbir) — these are actual attacks on real organizations. Understand what "two-factor authentication" prevents even if your password IS stolen. Research what steps to take if an account gets compromised: change password, revoke sessions, check connected apps. You're ready for the next step when you can walk through the exact steps to take after a phishing attack, from detection to recovery.

Final Project Showcase

Run a real phishing awareness session for your family, a group of friends, or your class. Prepare a 10-minute presentation or demo that covers: what phishing is, how to spot it (with screenshots of real examples), your URL-checking checklist, and what to do if someone gets tricked. Use the free examples at phishtank.org to make it visual and real. Walk your audience through the Google Phishing Quiz live. Then quiz them — can they spot the fake? Anywhere in the Wasatch Front, schools, libraries, and community centers love this kind of digital literacy presentation. You're ready for the next step when you have presented to at least three people and they can pass a basic phishing quiz on their own.