Main content
Course: Internet safety > Unit 1
Lesson 8: Ask Google: How can I recognize online scams?How to avoid phishing attempts. However it’s spelled, it’s bad news
People hook fish with a metal hook and a lure, and scammers hook unsuspecting Internet users with an e-mail that seems unusually urgent or exciting. Learn about some of the tactics that scammers use to try to trick you into giving them personally identifiable information.
To learn more about how you can keep yourself safe while on the Internet, visit: internet-safety.khanacademy.org. Created by Sal Khan.
Want to join the conversation?
- don't get cooked, stay of the hook(3 votes)
- i always spell phishing (or is it fishing) wrong🤣(2 votes)
- also avoid clicking on any link that looks suspicious, even jsut visiting a website can give you a virus or other types of malware(1 vote)
- how would you tell its suspicious if it shows a login on mobile that is a rep;ica without looking at url because most people dont(1 vote)
- If a mobile login page looks like a replica, without checking the URL, watch for signs like inconsistent branding, layout issues, grammar mistakes, unusual form fields, lack of security indicators, unexpected login requests, and trust your instincts if it feels suspicious.(1 vote)
- There's only three comments here whaaaa(0 votes)
Video transcript
- Hi, everyone. Sal Khan here from Khan Academy, and I'm here with Grace Hoyt, head of Account Security
Partnerships at Google to talk a little bit about online safety. Welcome, Grace. - Thanks for having me, Sal. - So let's just start at the basics. What is online safety and what's the worst that could happen? - As we spend more of our times online, we think about online safety
in a way that people can go about their work or school
or personal activities online in a way that they feel safe and secure, and a big topic in this space that we like to provide guidance on is
something called online scams, and in particular, how to avoid phishing. - Now, phishing, spelled with a P-H, P-H-I-S-H-I-N-G, what is that? It starts to evoke, people
are maybe fishing for me. - That's right, Sal. Phishing does have the namesake from the word with fishing, with an F, but this phishing we're talking about is a attempt to impersonate someone, a trusted source, or reach you via email, phone, or call, and try to get access to someone's personal information, such as their bank account information, their passwords, or address,
and things like that. So phishing is a way to sort of bait and hook someone in to giving
up personal information. Unfortunately, about 80% of all cyberattacks begin with phishing. So this is something we
think it's really important for people to be able
to spot and recognize on their own so that this
doesn't happen to them. - And what form do these
phishing attacks take? - So these can be emails
impersonating a trusted source. These can come in the
form of spammy text links or phone calls. One of the most important
tips that we like to advise people is to
not click on a URL link before verifying that it really
is the source you're trying to get to. So it's always best to actually
go directly to a website. For example, if you're
trying to reach your bank or track the delivery of a package, type that directly into your URL, as opposed to opening a
suspicious link right out of your email inbox or text message. Now, if you want to
actually look more closely at a link before clicking on it, on mobile, you can press and hold down on the URL and look for suspicious aspects of that link, or typos, but you can also just use the option to go directly to that link yourself, as opposed to opening it out of something that looks suspicious. - Okay, so this has
definitely happened to me in the recent past, where
I get these text messages for, "Fraud alert for your bank account," and sometimes it's from a bank where I don't even have a bank account, so they're just trying to
see if I happen to be... "Someone just charged $10,000." I'm like, oh, my god,
and then I look at it and the URL looks a little bit shady, and to your point, you
have to really confirm what the URL is, even if
it doesn't look shady, and on mobile, you can press and hold. Sometimes you get these emails that, "Hey. "Someone has just done the
following on your Amazon account. "Go log into your Amazon account here," and it's probably a link
to a fake Amazon website. You type in your credentials. Now they can actually log
into your Amazon account or your banking account, or whatever else. - Absolutely. So unfortunately that's oftentimes a way that folks are trying
to grab that password and have you hand it over to them. So you're exactly right, Sal. So we do recommend that people
go straight to that URL. - Well, thanks for that. I think we're all a little bit less likely to get phished and get hooked.