Chapter 1: The Phishing Email
Jake and Lily sat in their computer lab, typing away on their laptops. They loved to explore the digital world and see what they could find. Today, they looked for vulnerabilities in Microsoft 365, the popular cloud-based productivity suite.
As they were searching, Jake received an email that caught his attention. It was from Mr. Johnson, a small business owner that uses Microsoft 365 for its daily operations. The email said:
“Dear Jake, I need your help with something urgent. I’m having trouble accessing my Microsoft 365 account, and I need you to check if everything is okay. Please click this link to log in and see what’s happening.”
Jake hesitated for a moment. He had never received an email from Mr. Johnson before, but he knew that the business owner trusted him and often asked for help with IT-related issues. He clicked on the link, which led him to a login page that closely resembled the familiar Microsoft 365 login page.
Jake entered his username and password without thinking twice and clicked “Login.” The page refreshed, but instead of showing his usual Office 365 dashboard, it displayed an error message:
“Invalid username or password. Please try again.”
Jake frowned. That was strange. He tried again but got the same error message. Lily noticed his confusion and asked what was going on.
“I don’t know,” Jake said. “I received an email from Mr. Johnson asking me to check his Office 365 account, but now I can’t log in. Something’s not right.”
Lily looked over Jake’s shoulder and saw the email. She noticed something odd about it.
“Jake, look at the sender’s address,” she said. “It’s not from Mr. Johnson’s usual email domain. It’s from a completely different address.” Jake’s eyes widened. “You’re right! It must be a phishing email! They tricked me into giving them my login credentials!”
Lily nodded. “We have to tell Mr. Johnson right away. And we have to change our passwords.”
Jake felt embarrassed and ashamed. He had fallen for one of the oldest tricks in the book but also learned an important lesson. From now on, he would pay more attention to his online security, be extra careful and do everything he could to ensure no one else fell victim to a phishing scam.