Phishing — fake emails/sites
Understand why phishing sophistication: visual copying is near-perfect.
In this lesson
Phishing — fake emails/sites is part of Phishing and Social Engineering. This preview shows how fraud-fighter-pro connects to everyday family decisions such as earning, saving, spending choices, goals, approvals, or parent-guided money conversations inside Progress Penguin.
Today’s money mission
Imagine this situation: You receive an email from 'gtbank-secure.ng' with your name and account ending, asking you to click a link to 'verify unusual activity.
What you need to know
Phishing sophistication: visual copying is near-perfect. The URL is the most reliable indicator — fraudsters cannot use 'gtbank.com' because GTBank owns that domain. They use lookalikes: hyphens (gtbank-secure.com), subdomains (gtbank.malicious.com), or character substitutions (gtb4nk.com). The check: before entering any credentials, verify the exact URL in the address bar.
Real-life example
Real-life money moment: You enter your internet banking password on what you later realise was a phishing site. You have 10 minutes before you expect the attacker to use your credentials. Design your immediate response. — Post-phishing response race: you have minutes before the attacker uses credentials. Priority order: change password immediately (invalidates stolen credentials), freeze account (stops any transactions even if credentials haven't been changed yet), enable alerts (real-time monitoring), review recent transactions. Each step adds a defensive layer. Speed is everything — credential theft with a 10-minute head start can be defeated by a faster response.
Progress Penguin connection
In Progress Penguin, the phishing detector shows you real and fake bank emails side by side. Identify the differences in sender domain, URL, tone, and request type — and score yourself on how many you catch. This lesson explains exactly what to look for; the detector trains your eye on real examples.
Activity preview
Try the money challenge
Run the scenario through the detector. The warning sign to look for relates to: phishing sophistication: visual copying is near-perfect. Can you spot it before DeeDee does?
Quiz preview
Phishing tricks you into:
You receive an email from 'gtbank-secure.ng' with your name and account ending, asking you to click a link to 'verify unusual activity.' What red flags are present?