
Read each scenario and decide — scam or legit? Scam-detection test, Lv4.
Lv4 scams are outwardly impeccable. Payment approvals, security alerts, login notices — they mirror even the wording of the genuine messages we receive all the time. The tells are gone: no 'weird link,' no 'awkward phrasing.'
You can never sort this kind of phishing by situation alone. An alert like 'a new device just logged in' or 'a large payment was made' could be real or fake. So you have to narrow your one criterion to this: what does the content of the message tell me to DO?
Here's the crux. If the alert herds you toward a link — 'if this wasn't you, tap here to block it immediately' — and that screen has you enter a password, verification code, or card details, it's fake. A real security alert only informs you of the fact; it never tries to collect secrets inside that very message.
Be especially suspicious when three beats overlap: 'urgent, right now, through this link.' Scammers plant that sense of urgency so a startled person moves their finger before checking. If it were real, it wouldn't rob you of the time to open the app and check for yourself.
Safe alerts tend to look like this: they state the fact plainly, and if action is needed, they guide you to go through the official route yourself — 'check in the app.' They don't lure you into logging in via a link in the text, nor ask you to read a verification code to anyone.
So when you get a real-looking alert, don't touch the button or link inside it; separately open the official app yourself and check whether the same notice is there. That one step — verifying without going through the link — is the surest way to neutralize a fake that looks perfect.
Don't judge by appearance. Don't tap the link in the alert; open your card or bank's official app yourself and check whether the payment actually exists. If it's not in the app, the alert is fake.
It's risky. Merely tapping a link can lead you to a fake login screen or start a malicious app install. To verify, always use the official app or a saved main number instead of the link.
The code is the final key proving 'it's you at this very moment.' Hand it over and someone can pass through your account or payment even without your password. That's why no institution ever asks for it.