Vocabulary
Fake messages to steal data
phishing
From: support@mybánk.com (accent in ‘a’)
fake/look-alike domain (spoofing)
SMS from “bank” asks for a code
Call the bank using the official number (don’t send code)
Faking the sender’s address/number
spoofing
WhatsApp: “Hi, new number—send your OTP, please.”
impersonation + OTP request (phishing)
Email links look odd.
Open the official site yourself; log in directly
Pretending to be a real person or brand
impersonation
Email with attachment from unknown vendor; no context.
unexpected attachment (possible malware)
You clicked a bad link by mistake.
Disconnect, change email password, enable MFA, scan device, inform support
Login details like username + password
credentials
“Finalize refund here” → link goes off the official domain.
phishing link / off-domain site
Friend sends “free shoes, pay €4.50 shipping.”
Ignore; check official brand site; do not pay
Short, neutral check to prove it’s real
verification
“Final notice: verify account now or legal action.”
threat/pressure + urgency (scam tone)
Invoice PDF from unknown sender.
Don’t open; ask vendor to upload to official portal / confirm by phone