Phishing and fraud with AI


Objective: The worksheet serves to educate learners about cyber fraud, particularly phishing and the use of artificial intelligence. The aim is for learners to recognize fraudulent intentions in digital messages, understand how AI-supported attacks work, and learn effective prevention and immediate measures.


Content and methods: The content covers the recognition and classification of phishing attempts, typical characteristics of fake websites and messages, the influence of AI on the professionalization of digital scams, and strategies for prevention and correct action in the event of fraud. This is supplemented by an examination of language, image, and audio clues, as well as a critical evaluation of digital forms of communication. The methods include visual website analysis, structured information and text work, audio evaluations, action-oriented prevention exercises, and cooperative group work in which participants create their own sample messages and then reflect on and review them together.


Competencies:

  • Media and information literacy: Recognizing psychological manipulation and technical obfuscation in digital media
  • Analytical skills: Identifying warning signs in text and audio messages
  • Action competence: Deriving and applying security rules for the digital space
  • Critical thinking: Developing a healthy skepticism toward unexpected requests to disclose personal data


Target group and level: Grade 10 and above


Subjects: Non-subject-specific content


Website-Check

Look closely at the website image shown. How many suspicious things can you spot in the image? Explain why registering on this site poses a security risk or under what circumstances you would cancel the process.

The image shows a fake bank website that resembles a genuine bank site at first glance. The logo of a fictional bank appears at the top left, next to navigation items such as "Accounts", "Transfer", "Bill Pay", and "Help", which matches the layout of real bank sites. The background uses calming shades of blue and white, which are often meant to suggest trustworthiness.

In the center of the page is a login box with a white background and a shadow effect, asking for a "Username" and "Password". Below it is a blue "Log In" button, which gives the impression of a genuine login form.

The banner at the top reads in bold red type: "URGENT: YOUR ACCOUNT WILL BE DELETED SOON." This notice uses a conspicuous color and alarming wording to trigger panic and pressure the user to act.

Below the login area are sections titled "Account Summary" and "Recent Transactions". These are not functional, however; they are only visual placeholders that reinforce the deception and make the page look like a complete banking application.

Three signs of fraud are clearly recognizable:
1. The URL at the top of the browser reads "www.securebanking-update.com". This address looks similar to the real bank URL but contains additional words and a different pattern, which is a typical feature of phishing sites.
2. The red warning message threatening immediate deletion is untypical of real banks, because such institutions do not communicate sensitive matters in such an urgent or threatening way.
3. The non-functional "Account Summary" and "Recent Transactions" sections serve only to deceive and are a sign that the site does not offer real banking services.

Overall, the page gives a trustworthy impression but hides several clear signs of a phishing attempt.

Text comprehension & AI fraud

Read the information text about phishing and fraud using AI carefully. Explain briefly how phishing attacks work and what "damage" they can cause in the real life of a user. Also discuss the specifics of AI-supported fraud and explain how the use of artificial intelligence makes it more difficult to detect such attacks.

Understanding Phishing and AI Fraud

Phishing and fraud are increasingly prevalent threats in the digital age, targeting individuals and organizations alike. These deceptive practices aim to exploit vulnerabilities, often leveraging technology to access sensitive information for malicious purposes. The rise of artificial intelligence (AI) has further complicated the landscape, introducing sophisticated techniques that enhance the effectiveness of fraudulent activities.

What is phishing? Phishing is a cybercrime where attackers impersonate legitimate entities to deceive individuals into revealing personal data, such as passwords and credit card numbers. Typically, phishing is executed via email, where the attacker crafts messages that appear authentic, urging recipients to click on malicious links or attachments. These links often lead to counterfeit websites mimicking real ones, designed to harvest login credentials. Phishing can also occur through text messages, social media platforms, and phone calls, adapting to the evolving communication channels used by potential victims.

AI fraud – what does that mean? AI fraud refers to the use of artificial intelligence technologies to execute or enhance fraudulent activities. AI can generate realistic content, such as deepfake videos and synthetic voices, to impersonate individuals or manipulate situations. This technology enables scammers to create convincing scams, increasing their chances of success. For instance, AI-generated voice can be used in phone scams to impersonate trusted figures, deceiving targets into making financial transactions or disclosing confidential information. Moreover, AI-driven algorithms can analyze vast amounts of data to identify vulnerable targets, crafting highly personalized and convincing scam strategies.

The intersection of phishing and AI fraud poses significant challenges for cybersecurity. AI tools can automate the creation and distribution of phishing emails, making it easier for attackers to target large numbers of individuals simultaneously. Additionally, machine learning algorithms can refine phishing techniques by analyzing the effectiveness of different strategies, improving the ability to bypass security measures over time.

To combat these threats, individuals and organizations must adopt proactive measures. Educating oneself about the signs of phishing and fraud is crucial. This includes scrutinizing email addresses and links, being wary of unsolicited communications, and verifying requests for sensitive information through independent channels. Implementing robust cybersecurity protocols, such as multi-factor authentication and regular security updates, can also reduce the risk of falling victim to these schemes.

As technology continues to evolve, so do the methods employed by cybercriminals. Understanding the dynamics of phishing and AI fraud is essential for safeguarding personal and organizational data, ensuring a secure digital environment in an increasingly interconnected world.
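
Added example (not part of the original worksheet): the advice above to scrutinize links, applied to the URL and banner from the Website-Check, written as a small Python checker. The trusted domain examplebank.com and the word lists are assumptions made for illustration, since the worksheet does not name the bank's real domain.

```python
from urllib.parse import urlsplit

# Assumptions for illustration: the worksheet does not name the bank's real
# domain, so examplebank.com stands in for it; the word lists are samples.
TRUSTED_DOMAINS = {"examplebank.com"}
LURE_WORDS = ("secure", "update", "verify", "login")
URGENCY_PHRASES = ("urgent", "will be deleted", "immediately", "last warning")


def host_of(url):
    """Return the lower-case host name; bare 'www.x.com' gets a scheme first."""
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").lower().rstrip(".")


def is_trusted_host(host):
    """True only for a trusted domain itself or a genuine subdomain of it."""
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def link_warnings(href, display_text=""):
    """List the warning signs of one link; display_text is what the user sees."""
    warnings = []
    host = host_of(href)
    if href.lower().startswith("http://"):
        warnings.append("unencrypted http:// link")
    if not is_trusted_host(host):
        warnings.append("host is not the bank's domain")
        if any(d.split(".")[0] in host for d in TRUSTED_DOMAINS):
            warnings.append("bank name placed inside a foreign domain")
        if any(word in host for word in LURE_WORDS):
            warnings.append("reassuring extra words in the host name")
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("punycode label (possible look-alike characters)")
    shown = display_text.strip()
    if "." in shown and " " not in shown and host_of(shown) != host:
        warnings.append("visible text names a different site than the link")
    return warnings


def urgency_hits(text):
    """Return the pressure phrases found in a message or banner."""
    lowered = text.lower()
    return [phrase for phrase in URGENCY_PHRASES if phrase in lowered]
```

The host check compares the end of the host name, not whether the bank's name appears somewhere in it, which is why a host such as examplebank.com.securebanking-update.com is still flagged.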


Listening task

Analyze the audio content and identify two specific clues that indicate fraudulent intent. Also, assess which aspects of the message's language or content would have aroused your personal suspicion.


Reflection and Action

What preventive steps should the affected person have taken to prevent the fraud in advance? Describe the necessary immediate measures that should be taken after a case of fraud has already occurred.


Safe or fraud?

1. Form groups

Work in groups of 3–4 people and assign roles (writing, gathering ideas, reading aloud).

2. Create messages

Work together to write 3 short online messages (1–3 sentences):

  • 1 secure message without pressure or data requests
  • 2 scam messages with typical warning signs, e.g., time pressure, password requests, threats, promises of winnings, or suspicious links

3. Exchange

Pass your messages on to another group and receive their examples.

4. Analyze

Decide together:

  • Safe or scam?
  • What are the warning signs and how can you recognize them?

5. Brief discussion

  • Then compare the solutions of both groups and clarify any differences.

1. Message

2. Message

3. Message


Safety rules

Based on the information provided so far, derive three essential rules of conduct for sustainably increasing your own security in the digital space and effectively warding off attempts at fraud.