Skip To Main Content

Phishing Game

Don't Take the Bait — Phishing Awareness
Digital Safety

Don't Take
the Bait.

Phishing scams trick millions of people every year — including students just like you. Two activities to help you spot every trap.

3.4B
Phishing emails sent every single day
97%
Of people can't identify a phishing email on the first try
$10B+
Lost to phishing scams every year in the US
🃏
Card Sorter Game
Read 8 real-looking messages — emails, texts, and QR codes — and sort them: Phishing, Junk, or Legit? Instant feedback on every card.
📖
Mini Lesson
Learn the 5 red flags, see a real phishing email annotated, follow the action steps, take a 5-question quiz, and grab the cheat sheet.

Phish, Junk, or Legit?

Read each message and sort it into the right bucket. Can you spot every trap?

0 correct
0 wrong
1 of 8
?
Loading...
Email
Your score
0/8
Digital Safety Lesson

Don't Take the Bait

Every year millions of people get tricked by phishing scams. Learn to recognize them — and never fall for one again.

1
What is phishing?

Phishing is when a scammer pretends to be someone you trust — your school, a game company, a bank, or even a friend — to trick you into giving up your passwords, personal info, or money.

The name comes from "fishing." The scammer casts out a fake message as bait, hoping you'll bite. And it's not just email anymore — they use texts, phone calls, and even QR codes.

📧
Phishing
Fake emails pretending to be real people or companies
Email
💬
Smishing
Scam text messages with fake links or prizes
Text / SMS
📞
Vishing
Fake phone calls pretending to be from tech support or banks
Phone Call
Quishing
Fake QR codes that take you to dangerous websites
QR Code
2
The 5 red flags

Phishing messages almost always use at least one of these five tricks. Learn to spot them and you'll catch most scams instantly.

It creates panic or urgency
"Your account will be DELETED in 24 hours!" — Scammers want you to act fast so you don't stop to think. Real companies give you time.
🔗
The link or email address looks off
Compare "support@schoo1-district.net" vs. the real address. Notice the "1" instead of "l"? Scammers use tiny misspellings. Always check before clicking.
🎁
It offers something too good to be true
"You've won a $500 gift card!" You didn't enter a contest. Nobody's giving away free money over text.
🔑
It asks for a password or personal info
No real school, game company, or bank will ever ask for your password by email or text. Ever. Full stop.
🙋
You weren't expecting it
A message about an order you didn't place, a login from "your account" you didn't make — if it's unexpected, be suspicious.
3
See it in action

Here's a real-looking phishing email. Can you spot all four red flags before reading the annotations?

From: IT Support <support@schoo1-district.net> PHISHING
Your school account will be SUSPENDED in 24 hours

Dear Student,


We have detected unusual activity on your account. You must verify your password immediately to avoid losing access to all your classes, grades, and assignments.


Click here to verify now: http://school-login.verify-now.xyz/reset


— IT Support Team

Flag 1
Email uses "schoo1" with a number — not your real school domain
Flag 2
"SUSPENDED in 24 hours" — urgency to make you panic and rush
Flag 3
Link goes to "verify-now.xyz" — nothing to do with your school
Flag 4
Asks you to give up your password — IT will never do this by email
4
What to do

If you get a suspicious message, follow these steps — in order.

1
Stop. Don't click anything.Close the email or put down your phone. Clicking a link — even once — can be enough to cause harm.
2
Check the sender's real address.Tap or hover the sender's name to see the full email address. Does it match the real company? A misspelling or weird domain is a dead giveaway.
3
Go directly to the real site.If the email says your account has a problem, open a browser and type the official website yourself. Don't use the link in the message.
4
Tell a trusted adult or IT.At school, tell a teacher or the front office. At home, tell a parent or guardian. You can forward suspicious emails to your school's IT team.
5
If you already clicked, act fast.Tell an adult immediately. Change your password for that account right away. Quick action can contain the damage.
Quick rule: If a message makes you feel scared, rushed, or super excited — that's exactly when you should slow down and be most suspicious.
5
Quick check: Phish or legit?

Test what you've learned. Answer each question, then move to the next.

Question 1 of 5
6
Cheat sheet

Save this. Refer to it whenever something feels off.

Red flags — be suspicious
Urgent threats or countdown timers
Prizes you didn't enter for
Requests for passwords or IDs
Misspelled email domains
Links that don't match the real site
Messages you weren't expecting
Signs it's probably legit
Comes from an official domain
No urgency or pressure
No password requests
References something you actually did
Links go to the real official site
You can verify it through the app directly
Remember: When in doubt — don't click. Delete the text, close the email, or hang up the call. You can always contact the real company yourself to check.