Sicher im Netz
Chapter 1 of 6
Chapter One

The internet is
not a dangerous
place. Safe online —
soundly
explained. Staying safe online —
in the classroom. — passwords, phishing and scams calmly explained: the guide to a safe life online.

The internet is not a dangerous place – once you know a few simple things. You don't have to be a tech expert, and there's no need to be afraid. With a little knowledge and a few calm habits, you are well protected. That is exactly what we will go through here together, calmly, step by step.

Digital security is not magic, but a handful of effective habits: unique passwords from a password manager, two-factor authentication, an alert eye for phishing and social engineering, up-to-date software and backups. This page puts the technology in context – without panic, with a focus on what actually protects you.

What does it mean to be safe online? This lesson gets students from Year 7 up to speed on passwords, phishing and scams. They practise spotting traps, protect their accounts and learn to act calmly if something goes wrong – with quizzes, discussion prompts and an interactive spot-the-scam game.

The threat model in one sentence: The vast majority of real attacks on private individuals are not targeted "hacks", but mass attacks – automated credential stuffing with leaked passwords, broadly scattered phishing and opportunistic malware. That is exactly what this page works against: unique passwords and 2FA/passkeys decouple your accounts, an alert eye defuses social engineering, and updates plus backups close the remaining gaps. You don't need to know every threat – it is enough to live the few effective habits consistently.
~ Take a breath. We'll tackle this together.
~ Effective habits instead of fear.
~ Recommended lesson: 2 periods of 50 min.
Chapter Two

The key
to everything.

Passwords,
done
right.

Strong passwords
for the class.

A password is like the key to your home. Two simple rules make the biggest difference: use a long password, and use a different one for every service. The easiest way to do this is with a password manager – a digital keyring that remembers everything for you. You yourself then only have to remember a single good password.

Password security follows clear principles today: length beats complexity, uniqueness per service is mandatory, and management belongs in a password manager. Forced special-character rules and regular mandatory changes are considered outdated. The biggest leap, however, comes from a second factor – and, in time, the move to passkeys.

Your password is the key to your digital life: chats, photos, gaming accounts. Here you learn what a strong password looks like, why you should never reuse one, and how a password manager and two-factor authentication protect your accounts.

Even better than a good password is a second step when logging in: two-factor authentication. With it you also confirm with a code from your phone or your fingerprint. Even if someone knows your password, they cannot get in this way.

A passkey replaces the password with a device-bound key pair (FIDO2/WebAuthn). The private key never leaves the device; sign-in happens via biometrics or a device PIN. This is resistant to phishing and data breaches, because no reusable secret is transmitted or stored on the server side.

A long password, a separate one for every service – and a password manager that remembers it.
Length over complexity, uniqueness over memorability, a second factor above all. Passkeys solve the problem at the root.
Hashing, salting and why uniqueness matters: Providers ideally never store passwords in plain text, but only as a hash – the result of a one-way function from which the password practically cannot be recovered. A random salt per account prevents identical passwords from producing the same hash, and makes pre-computed rainbow tables useless. Modern, deliberately slow methods such as bcrypt, scrypt or Argon2id (with a high work factor) further slow down brute-force attacks. Still: in a data breach the hashes get into circulation and weak passwords are cracked offline.
Credential stuffing & breach databases: Cracked credentials are bundled into billion-entry lists. In credential stuffing, bots automatically try these email/password pairs across hundreds of other services – which only works if you reuse passwords. Services like Have I Been Pwned check whether an address appears in known breaches; the password check uses k-anonymity (only the first 5 characters of the SHA-1 hash leave the device), so the password itself is never transmitted. The takeaway: a separate, long password per service – most easily generated and stored by the password manager.
2FA: TOTP vs. passkeys (WebAuthn/FIDO2): The common second factor is a TOTP code from an authenticator app (a time-based one-time password per RFC 6238) – considerably safer than SMS-OTP, which can be intercepted via SIM swapping. But both remain phishable: anyone who enters the code on a fake page hands it to the attacker. Passkeys solve exactly that: they are based on FIDO2/WebAuthn with an asymmetric key pair. The private key stays in the device (Secure Enclave/TPM), signs a challenge via biometrics and is bound to the genuine domain (origin binding). This makes passkeys resistant to phishing and to data breaches – there is no reusable secret that could be stolen.
📚 Learning objectives
  • You can describe what makes a strong password (long + unique).
  • You can explain what a password manager is good for.
  • You understand why two-factor authentication protects you.
📖 Key terms
  • Passphrase: A password made of several random words – long and easy to remember.
  • 2FA: Logging in with a password plus a second proof (code, fingerprint).
  • Passkey: Logging in without a password, via fingerprint or face.
💡 Did you know…

The passwords "123456" and "password" have topped the lists of cracked passwords for years. Using one of them is like leaving your house key under the doormat.

❓ Quiz
Which password is the safest?

Answer C: "a passphrase made of several random words, e.g. correct-horse-battery-staple".

A ("123456") is cracked instantly, B (your own name) is easy to guess. Long passphrases are strong and still memorable.

For the teacher — options: A: "123456" / B: "your own first name" / C: "a passphrase made of several random words".

🎯 Extended objectives (Bloom's taxonomy)
  • L1 — Knowledge: Students name three features of a strong password.
  • L2 — Comprehension: Students explain why reused passwords are dangerous.
  • L3 — Application: Students create their own strong passphrase.
  • L4 — Analysis: Students justify when 2FA is especially important.
⏱ Timing (≈ 15 min)
  • 3 min: Develop the analogy "password = key" together.
  • 4 min: Build a strong passphrase on the board.
  • 4 min: Explain password managers and 2FA.
  • 4 min: Quiz + discussion.
💬 Discussion guidance

Question: "How many apps do you think you use the same password for? What could happen if one of them is hacked?"

🔗 Cross-reference

Which data actually comes together in a breach is explored in depth by the sister site Datenschutz verstehen (Understanding Data Protection).

← Back to the start
Chapter Three

The tricks
of the scammers.

Phishing and
social engineering.

How scams
work.

Most scams online don't work through technology, but through emotions. An email that makes you afraid. A text that pushes you to hurry. A call that stirs your sympathy. Scammers want you to act fast and without thinking. The good news: once you know the tricks, you usually see through them straight away.

Phishing and related scams are at heart social engineering: they manipulate the person, not the machine. The levers are always the same – urgency, fear, authority, greed and helpfulness. Whether it's a phishing email, smishing (text message), fake shop, shock call or romance scam: the pattern is recognisable once you name it.

Scammers online don't outwit the computer, but us humans. They play on feelings: fear, time pressure, curiosity or pity. Once you know the most common tricks, you fall for them far less often – and can even help others spot them.

Tap a scam below to see how it works – and how to recognise it.

An overview of the most common scams. They all share an emotional trigger and a call to action under pressure.

Tap through the cards – each shows a typical scam and how to recognise it.

Phishing email

An email that pretends to come from your bank or a shop.

Tap for details Show less
You're meant to click a link and enter your details there. Tell-tale signs: an unfamiliar sender address, time pressure, an impersonal greeting. Don't click – open the website yourself in your browser.
Forged senders (spoofing), link text and real destination differ, often a deceptively similar domain (typosquatting). Countermeasures: check the link target, verify the sender, never enter credentials via a link in an email.

Parcel & bank texts (smishing)

A text about a parcel or account with a link to tap.

Tap for details Show less
"Your parcel is waiting, please pay the customs fee." or "Unusual activity on your account." Real delivery services and banks do not ask for money or data this way. When in doubt, use the official app, not the link.
Smishing exploits the brevity of the text format (no visible link target) and trust in well-known brands. The link often leads to a phishing site or installs malware. Never install apps from links in text messages.

Shock call & grandparent scam

A call where a supposed relative or official is in trouble.

Tap for details Show less
"Mum, I've had an accident, I need money right now!" The voice sounds distraught, everything has to happen fast and stay secret. Hang up and call the person back on their real number. Real relatives will understand.
Emotional overwhelm switches off critical thinking. Newer variants use cloned voices (voice cloning). Protection: call back on the known number, a pre-agreed family code word, no decisions under acute pressure.

Fake shop

An online shop with branded goods at unbeatable prices – that never delivers.

Tap for details Show less
Very low prices, advance payment only, no proper company details. Never pay unknown shops online by advance bank transfer. Safer options are paying on invoice or using payment services with buyer protection.
Signs: unrealistic prices, missing or invented company details, advance payment only, fake trust seals and reviews, a very young domain. Check via the legal notice, review portals and the consumer association's fake-shop finder.

Romance scam

A new online acquaintance who, after weeks, suddenly needs money.

Tap for details Show less
Lots of attention, big feelings – but a meeting never works out, and at some point an emergency comes up with a request for money. Never send money to people you only know online. Talk to someone you trust.
Building a parasocial bond over weeks ("love bombing"), then a manufactured emergency. Warning signs: never reachable by video, constant excuses, pressure for secrecy and money transfers. You can check images with a reverse image search.

The psychology behind it

Urgency, fear and greed – the levers used almost every time.

Tap for details Show less
Almost every scam wants one thing: for you to act immediately, without thinking. The moment something creates pressure or sounds too good, that is your signal to pause. A quick breath and a follow-up question exposes nearly every scam.
Familiar biases are exploited: scarcity, deference to authority, reciprocity, fear of loss. The most effective countermeasure is a deliberate break in the impulse to act – pause, verify through an independent channel.
The psychology behind social engineering: Phishing targets not the technology but predictable patterns of thinking. It mainly exploits Robert Cialdini's principles of influence: authority (supposedly a bank, boss or authority), scarcity and urgency (a deadline, a threat), social proof (everyone else is doing it too), reciprocity (a small favour first) and liking (romance scam). Under stress the brain switches into fast, automatic thinking (System 1) – and that is exactly when warning signs are overlooked. The most effective countermeasure is therefore not a tool, but a deliberate break in the impulse to act: pause, think for a moment, verify through an independent channel.
Phishing mechanics: lookalike domains, homographs & BEC: Fake addresses rely on gaps in perception. Typosquatting uses misspelled domains (spaarkasse.info), combosquatting appends trustworthy words (paypal-security.com). In a homograph/IDN attack, Latin letters are replaced by visually identical Unicode characters (e.g. a Cyrillic "а" in аpple.com); to defend against this, browsers often display such domains as Punycode (xn--…). A particularly costly variant is Business Email Compromise (BEC): here, with no malware, purely through spoofing or a hijacked mailbox, a payment instruction is triggered in the name of management (CEO fraud). Protection: read the real link target before clicking, check domains character by character, and confirm payments through a second, known channel.
← One step back
Chapter Four

Spot the
scam.

Phishing in
practice.

Real or
a scam?

Here you see a made-up email of the kind scammers send. It contains several warning signs. Tap on anything that looks suspicious to you. Don't worry, nothing can go wrong here – it's meant for practice. No real names or addresses appear.

A completely fictional phishing email with the classic signs. Find the warning signs – each hit reveals a short explanation. Pay particular attention to the sender, greeting, pressure tactics, link target, request and spelling.

Click through this made-up scam email and find the warning signs! Each hit comes with a short explanation. If you tap a harmless spot, the email lets you know. Can you find them all?

Find the warning signs
Tap on anything in the email that looks suspicious to you. Click the suspicious parts. Keyboard: move with Tab, activate with Enter or Space. For the link, the real destination is shown. Tap the warning signs. Use the Tab key to move from spot to spot, and Enter to select.

Nothing found yet – take a close look at the sender, greeting, threats, links and requests.

Well done! You found all the warning signs. In real life some scams are more subtle – but this very habit of checking protects you reliably. When in doubt, the rule is always: don't click, open the website yourself in your browser.
  • Check the senderDoes the address really match the company? Watch for typos.
  • Greeting"Dear Customer" instead of your name is suspicious.
  • Time pressure & threat"Act now, or else …" is meant to rush you.
  • Don't click linksHover over the link and check the real destination.
  • Data requestsNo bank asks for your password, PIN or one-time code by email.
  • SpellingMistakes and clumsy language are a warning sign.
  • Unusual paymentGift cards or crypto are a clear alarm signal.
  • When in doubtDon't reply – open the website yourself in your browser.
Technical deep dive: Email senders can be forged; protective mechanisms such as SPF, DKIM and DMARC make this harder, but are not active everywhere. The most reliable reflex remains: check link targets before clicking, enter credentials only via addresses you have opened yourself from a bookmark, and keep 2FA active as a safety net.
📚 Learning objectives
  • You can name at least four typical phishing signs.
  • You check a link target before you click.
  • You know: when in doubt, open the website yourself, don't follow the link.
❓ Quiz
A "bank email" asks you to enter your PIN immediately via a link. What do you do?

Answer B: "Enter nothing – open the bank's website yourself in the browser, or call them."

No real bank asks for your PIN by email. A (follow the link) and C (reply with the PIN) lead straight into the trap.

Options: A: "Follow the link and log in." / B: "Enter nothing, open the site yourself." / C: "Send the PIN as a reply."

⏱ Timing (≈ 18 min) — core of the lesson
  • 6 min: "Spot the scam" on the projector, the class calls out the warning signs.
  • 5 min: Go through the phishing checklist together.
  • 4 min: Discussion "Which sign would you have missed?".
  • 3 min: Quiz + answer.
🎯 Method tip

Let the class guess first, before the game confirms a sign. This trains close looking more than simply clicking through.

🖨 Mini worksheet
  1. Name five signs by which you can recognise a phishing email.
  2. Why should you not click the link in such an email?
  3. What is the safest way to log in to your real bank?
← One step back
Chapter Five

Good habits
in everyday life.

Safe routines
in everyday life.

Safe on the go
every day.

Safety is not one big effort, but a handful of small habits. Keep your devices up to date, back up important files, lock your phone and watch for the lock icon in your browser. None of this is complicated – and together it protects you really well.

The basic hygiene is manageable and highly effective: timely updates close known gaps, backups defuse ransomware and device loss, a screen lock and restrictive app permissions limit the damage. Transport encryption (HTTPS) is standard today; a VPN complements it on untrusted networks.

Being safe online mostly means: having a few good habits. Run updates, back up important things, lock your phone and watch for the lock icon. Tap through the cards and collect your everyday routines.

Run updates

Up-to-date software closes the gaps that attackers come in through.

Tap for details Show less
When your phone or computer offers an update, install it soon. The easiest way: switch on automatic updates. Updates don't just bring new features – above all they fix security gaps.
Updates close known vulnerabilities (CVEs) that would otherwise be actively exploited. Automatic updates and a prompt patch window are the single most effective measure against mass exploits.

Make backups

A backup copy saves your photos and files when it matters.

Tap for details Show less
Copy important photos and documents regularly – to an external hard drive or to secure online storage. If a device breaks or is lost, then nothing is gone for good.
The 3-2-1 rule: three copies, two media, one off-site. A current, separate backup is the most effective protection against ransomware – there's no need to pay a ransom if you can restore cleanly.

HTTPS & the lock icon

The lock in the browser shows an encrypted connection.

Tap for details Show less
When you enter data, watch for the little lock and "https" at the start of the address. It means: the connection is encrypted. But beware – scam sites can have a lock too. It is no substitute for looking at the address itself.
HTTPS secures the confidentiality and integrity of the transport, but says nothing about how trustworthy the operator is. The lock only confirms TLS encryption, not the authenticity of the brand – the domain itself must be correct.

Public Wi-Fi

Browsing in a café or hotel is fine – be more careful with banking.

Tap for details Show less
Normal browsing on public networks is usually safe today. For online banking or shopping, prefer your mobile data or a VPN. Watch out for networks with a fake name that imitate the real one.
Since almost everything runs over HTTPS, passive eavesdropping is barely possible any more. The real risks are "evil twin" hotspots and manipulated captive portals. A VPN encrypts all traffic and defuses untrusted networks.

Lock your device

A screen lock protects you if your phone is lost.

Tap for details Show less
Set a PIN, a pattern or your fingerprint as the lock. That way no one can get to your messages and accounts if the device is lost or stolen. A short automatic lock after one minute helps too.
Device encryption plus a lock makes data inaccessible if lost. Usefully complemented by "Find My Device" for locating and remote wiping, and a short auto-lock time.

App permissions

Not every app needs access to your camera, microphone and location.

Tap for details Show less
Check your settings now and then: which app may access your location, camera or contacts? A flashlight app doesn't need your location. Revoke any permissions that aren't necessary.
Following the principle of least privilege, grant only what the feature requires. Modern systems allow one-time or usage-bound grants – this considerably reduces the attack and tracking surface.
What HTTPS really guarantees (and what it doesn't): HTTPS is HTTP over TLS. During connection setup (the TLS handshake), browser and server negotiate a session key using asymmetric cryptography; after that the transport is confidential and tamper-proof (protection against passive eavesdropping and man-in-the-middle). The chain of trust rests on an X.509 certificate that a certificate authority (CA) has issued for the domain. Crucially: the lock only confirms that the connection to this domain is encrypted – not that the operator is trustworthy. A phishing site can get a valid certificate for free too. So the domain name itself must be correct.
Malware & ransomware – briefly explained: Malware is the umbrella term for harmful programs: viruses and worms spread by themselves, trojans disguise themselves as useful software, spyware/keyloggers spy on input. The most costly variant is ransomware: it encrypts files and extorts a ransom, often combined with double extortion (an additional threat to publish stolen data). Typical entry points are email attachments, manipulated downloads and unpatched gaps. The most effective remedy is a current, separate backup following the 3-2-1 rule (three copies, two media, one off-site/offline) – with it you can restore cleanly instead of paying.
What actually protects you: Security comes from a few overlapping measures (defense in depth), not from a single miracle cure. The biggest levers with the best effort-to-benefit ratio: timely updates (close actively exploited CVEs), unique passwords + 2FA/passkeys (decouple accounts from one another), the principle of least privilege (Least Privilege – no permanent admin account, sparing app permissions) and separate backups (defuse ransomware and device loss). These four habits neutralise the bulk of real mass attacks.
📚 Learning objectives
  • You can name four everyday habits for more security.
  • You can explain what the lock icon means – and what it doesn't.
  • You understand why backups help against ransomware.
❓ Quiz
What does the lock icon in the browser's address bar mean?

Answer B: "The connection is encrypted."

It does not mean the site is trustworthy (scammers can have a lock too). A and C are wrong – you still have to check the domain.

Options: A: "The site is guaranteed genuine." / B: "The connection is encrypted." / C: "The site is free."

⏱ Timing (≈ 15 min)
  • 5 min: Go through the cards on the projector; the class sorts them into "I already do this / I don't yet".
  • 4 min: Explain the lock icon and HTTPS (with a live example).
  • 3 min: Backups and the 3-2-1 rule.
  • 3 min: Quiz + discussion.
🔗 Cross-reference

What technically happens when you open a website – and why HTTPS protects you – is explored in depth by the sister site Internet verstehen (Understanding the Internet).

← One step back
Chapter Six

If something
does happen.

The emergency
plan.

Act calmly
in an emergency.

If something does go wrong one day, it's not the end of the world – and certainly no reason to be ashamed. It happens to a great many people, careful ones too. All that matters is to act calmly and in order. Here are the steps that really help.

When something goes wrong, orderly action beats panic: block access and payment channels, change passwords from a clean device, document everything, report it and seek advice. Speed limits the damage; documentation helps with your bank, the police report and your insurer.

Even if you do everything right, something can go wrong sometimes – that's not a disaster. What matters is staying calm and getting help. Always bring in a trusted adult. Here are the most important steps.

  • Block your account or card. For bank or card details, call your bank immediately. The Europe-wide card-blocking hotline 116 116 helps around the clock.
  • Change your passwords. Ideally from a different, clean device – email and bank first.
  • Report it. To the police, online or by phone (110 in Germany). Keep all messages as evidence.
  • Get advice. A consumer-advice service helps with scams, free of charge and impartially.
  • Talk about it. Tell someone close to you. You don't have to get through this alone.
  • Tell someone right away. Tell a trusted adult – a parent or teacher.
  • Change your passwords. Affected accounts first, ideally together with an adult.
  • Secure the evidence. Take screenshots before you delete anything.
  • Stop paying. Don't transfer any (more) money and don't send any codes.
  • Get help. For serious cases the police (110) and a youth helpline can help.
  • Contain. Block affected access, sign out of sessions, block cards via 116 116.
  • Clean up. Change passwords from a trusted device, set up 2FA again, check recovery options.
  • Document. Save headers, URLs, timestamps and screenshots – for your bank, the report and your insurer.
  • Report. File a criminal complaint (online/110), and report the incident to the affected platform and, if applicable, your bank.
  • Follow up. Watch for follow-up scams, monitor accounts, replace affected logins everywhere.
Incident response in four phases: An orderly approach beats panic. 1. Containment: sign out of affected sessions (log out everywhere / invalidate sessions), block access and payment channels (cards via 116 116), take the compromised device off the network. 2. Eradication: change passwords from a verifiably clean device – the email account first, since it serves as the recovery anchor for all the others; set up 2FA again and invalidate old recovery codes. 3. Document: save email headers, URLs, timestamps and screenshots – for your bank, the report and your insurer. 4. Recovery & follow-up: restore from a clean backup, monitor accounts for follow-up scams. Speed limits the damage, documentation secures your claims.
Being safe online is not a state you reach once, but a calm, alert attitude. Today you've learned the most important things: good passwords, a clear eye for traps and a plan for emergencies. That's already the biggest part. The rest is simply staying calm.
Security is an ongoing process of a few consistently lived habits – not of suspicion or fear of technology. Anyone who establishes a password manager, 2FA/passkeys, updates, backups and a clear emergency plan dramatically lowers the risk and stays in control.
You're now better prepared than most. Pass it on: explain it to friends and family, especially older relatives. A calm, alert eye and the courage to ask when in doubt are your best protection.

🍎 For teachers: lesson kit

This page can be used as a complete double lesson on "Staying safe online". All content is free to use (CC BY 4.0) — please credit "Webagentur Hochmeir e.U. (webhoch.com)" as the source.

📦 Complete printable teacher pack: 4 worksheets (with answer keys), a class test + marking rubric, homework at 3 difficulty levels, a parent-letter template (incl. protecting seniors in the family) and curriculum links. → To the teacher pack (in German) →

📅 Suggestion: double lesson (90 min)

  1. 10 min — warm-up: "What would happen if someone had your most important password?"
  2. 15 min — Chapter 2: Strong passwords, password managers, 2FA and passkeys.
  3. 15 min — Chapter 3: The most common scams and their psychology.
  4. 20 min — Chapter 4: "Spot the scam" on the projector + the phishing checklist.
  5. 15 min — Chapter 5: Updates, backups, Wi-Fi, screen lock, permissions.
  6. 15 min — Chapter 6: The emergency plan and a closing discussion: "calm, not anxious".

Differentiation: Weaker groups stay in Simple mode; stronger ones switch to "In Detail" for the technology (hashing, HTTPS, passkeys).

Common questions

Frequently asked questions

The most important questions about staying safe online – compact, for quick reference.

A quick reference on passwords, phishing and protection. Answers are embedded in the FAQPage schema for search engines and AI assistants.

Watch for the typical warning signs: a sender address that does not match the company, an impersonal greeting ("Dear Customer"), artificial time pressure or threats ("your account will be suspended"), spelling mistakes, links whose real destination differs from the displayed text when you hover over them, and any request to reveal passwords, PINs/one-time codes or payments. When in doubt, do not click links — open the provider's website yourself in your browser.
A good password is long (at least 12 characters, ideally more), unique for every service and hard to guess. A proven method is a passphrase made of several random words. The easiest and safest way to manage passwords is a password manager, which creates and stores a separate, strong password for every account. That way you only need to remember a single strong master password.
With two-factor authentication you need a second proof in addition to your password to log in — usually a code from an app on your phone or a confirmation via fingerprint. Even if someone knows your password, they cannot get into your account without this second factor. 2FA is one of the most effective and simplest protections there is.
A password manager is a digital vault that creates a separate, strong password for every service and stores it encrypted. You only remember one master password. This is far safer than using the same password everywhere or writing passwords on notes. The data is encrypted so that even the provider cannot read it.
Stay calm and act step by step: for money or bank details, call your bank immediately and have your account or card blocked. Change any affected passwords, ideally from a different, clean device. Report it to the police. Seek advice from a consumer-protection service. And tell someone close to you — you do not have to get through this alone.
Public Wi-Fi (in a café, hotel or on a train) is usually fine for normal browsing, because almost all websites today are encrypted (shown by "https" and the lock icon). Still, avoid sensitive activities such as online banking there, or use a VPN that additionally encrypts your connection. Watch out for fake networks with convincingly real names.
A passkey is a modern alternative to a password. Instead of a word you have to remember and type, you sign in with what your device can already do — fingerprint, face or device PIN. Passkeys cannot be phished and cannot be stolen from a data breach, because no secret password is transmitted. More and more services offer them.
Typical signs are a supposed emergency (an accident, arrest or illness), strong emotional pressure, a request for secrecy ("don't tell anyone") and a demand for immediate money or valuables — often collected by a stranger. Hang up, take a breath and call the person back on their known number. Real relatives and real authorities never pressure you like this.
More from the series

Related topics

This page is part of the »verstehen« series by webhoch. You might also be interested in:

Powered by webhoch.com