Phishing Targeting Kids — How to Spot Fake Messages

Zespol MichalKids · 4 min read · cyber-safety

Boy with magnifying glass critically analyzing a suspicious message — anti-phishing education

Phishing Targeting Kids — How to Spot Fake Messages and Stay Safe

From the perspective of a computer science educator with over 25 years of IT experience.

What Is Phishing?

Phishing is an attempt to steal personal data (passwords, card numbers, login credentials) by impersonating a trusted person or institution.

The name comes from "fishing" — the scammer casts "bait" (fake email, SMS, link) and waits for the victim to "bite."

Adults associate phishing with the "Nigerian prince." But phishing in 2026 is sophisticated, personalized, and also targets children.

Why Are Children Easy Targets?

Lack of experience — a child doesn't know that banks don't send SMS asking for passwords
Impulsiveness — "CLICK NOW TO GET 1000 V-BUCKS!" — the child clicks before thinking
Trust — children trust platforms (Roblox, Fortnite, Discord) and don't suspect a message could be fake
No filter — adults know "congratulations, you won an iPhone!" is spam. A child might not

How Does Phishing Target Children?

Type 1: Fake Game Rewards

"Congratulations! You won 10,000 V-Bucks! Click here to claim: [link]"

The child clicks, lands on a page that looks like Fortnite/Roblox, enters login and password. Scammer takes over the account.

Type 2: Fake Messages from a "Friend"

On Discord: "Hey, check out this video with you! [link]"

Link leads to a malware site or a page stealing Discord login credentials.

Type 3: Fake Emails from the "Platform"

"Your Roblox account will be blocked in 24h. Click here to verify: [link]"

Time pressure + fear of losing the account = perfect combination for a scam.

Type 4: Quizzes and Surveys

"Find out which Minecraft character you are! Enter your email and password: [form]"

The child enters login data thinking it's a fun quiz. Scammer captures the credentials.

Type 5: Fake Apps

Fake versions of popular games appear in app stores. Child downloads "Roblox Premium" — gets malware.

5 Verification Steps — Teach Your Child

Child detective with magnifying glass analyzing suspicious message — learning to spot phishing

Step 1: STOP

Don't click immediately. Count to 5. If the message is urgent ("NOW!", "LAST CHANCE!", "24H!") — it's almost certainly a scam. Real companies don't threaten.

Step 2: CHECK THE SENDER

Email from "support@robl0x.com" (zero instead of "o") is fake
Email from "support@roblox.com" is real
SMS from unknown number with a link — don't click

Teach your child: look at the sender address, not the display name.

Step 3: HOVER OVER THE LINK (don't click!)

On computer: hover your mouse over the link and look at the bottom-left corner. The real address appears there.

On phone: long-press the link — the destination URL will show.

If the link leads to "roblox-free-vbucks-2026.xyz" instead of "roblox.com" — it's a scam.

Step 4: ASK AN ADULT

If you're not sure — ask a parent or teacher. Better to ask 100 times about nothing than click once on something bad.

Step 5: REPORT

Mark the message as spam/phishing in the email app
Report the profile on Discord/Instagram
Tell a parent

Practical Exercise with Your Child

"Phishing Detective" — Home Game

Prepare 5 sample messages (print them or show on screen):

Real: School email about parent meeting (known address, no links)
Fake: "You won a PS5! Click: bit.ly/free-ps5" (shortened link, typos)
Real: Pharmacy SMS about ready prescription (known number)
Fake: "Your Instagram will be deleted. Log in here: instagrarn.com" (typo in name!)
Fake: Discord DM: "Check out this video with you, lol [link]" (no context, unknown user)

The child must determine: real or fake? And explain WHY.

Reward every correct answer — this builds critical thinking habits.

What to Do If Your Child Already Clicked?

Don't punish the child — they came to you with a problem, that's good
Change passwords — immediately, on ALL accounts using the same password
Enable 2FA — wherever possible
Check bank account — if the child entered parent's card details
Scan the device — antivirus, remove suspicious apps
Report — on the platform (Roblox, Discord, Google) and possibly to police

What We're Planning at MichalKids

Coming Soon

Academy — course "Phishing Master": interactive exercises for recognizing fake messages, quizzes, certificate
AI Coach — if the child installs a suspicious app, parent gets info in the weekly report
Shared Goals — parent and child set rules together (e.g., "I don't click links from strangers without asking")

Guardian, not a spy. We don't block links — we teach how to recognize them.

Sources:

Download MichalKids for Android | Download for iOS

Download MichalKids for Android · iOS