Tab 1

Assembly Script — Phishing Simulation Reveal

Hemant (Opening)
“Good morning, everyone. So, we’ve got a little story for you today. A few days ago, many
of you received a message that looked pretty official — something about prizes, certificates,
and a link to register.
Well... surprise. That message was actually sent by us — as part of a cybersecurity
awareness exercise. No one’s in trouble, promise. This was meant to test how easily a fake
link can look real.

Abhimanyu (Reveal)
“So, here’s what happened. We sent that link to several students. Some ignored it — good
job. But quite a few clicked it, filled the form, and trusted it completely.
That’s exactly what we wanted to show — how fast people fall for a message when it looks
official. We didn’t collect passwords, OTPs, or any personal info — just whether you clicked
or not.”

Hemant (Why People Fell for It)

“And you know why it worked? Because it had three magic ingredients:
First — Authority. It looked like it came from school.
Second — Urgency. It said ‘Limited time’ — which makes your brain panic and click fast.
Third — Reward. ‘Prizes and certificates’ — the classic bait.
That’s exactly how real scammers trap people.”

Krishna (The Lesson)

“Now, think about it — how many messages do you get that sound urgent, official, or
rewarding? Emails, WhatsApp forwards, random links — it’s everywhere.
But here’s the rule we want everyone to remember:
STOP. HOVER. VERIFY.

Let’s say it together: STOP. HOVER. VERIFY.

(Short pause)

STOP — pause for 3 seconds before clicking.

HOVER — or in simple terms, check what the link really says before opening.
VERIFY — ask the teacher, IT team, or go to the official site yourself.”

Abhimanyu (Simple Habit)

“So, from now on — whenever you get any message that looks even a little suspicious,
don’t rush. Just follow those three steps.
And if you ever click something by mistake or share info — don’t hide it. Tell a teacher or
the IT team immediately. Reporting fast actually prevents real hacking.”
Now, let's quickly go over ten simple checks that can save you from getting fooled
next time.

Check who the mail is really from.

Don’t trust just the name — look at the email ID carefully. If it’s weird or doesn’t
match the official domain, it’s fake.

Hover before you click.

Before clicking any link, place your mouse on it and see where it actually goes. If the
link and text don’t match, it’s a trap.

Look for the lock symbol.

Safe websites start with https and have a small lock symbol before them. If it’s
missing, don’t type anything there.

Don’t fall for urgent messages.

If an email says “Do it right now or you’ll lose your account,” it’s trying to scare you.
Real institutions don’t rush you like that.

Notice spelling and design mistakes.

Fake mails often have grammar errors, wrong logos, or odd formatting. Real ones
look clean and professional.

Never log in from a link.

If someone sends a link asking you to “sign in,” don’t click it. Always open the real
website yourself from Google or bookmarks.

Be careful with attachments.

Don’t open files like zip, exe, or pdf from unknown people. They can carry viruses or
steal your data.

Double-check through another way.

If you get an odd mail from a teacher or friend, confirm it by asking them in person or
through message.

Read the tone carefully.

If a message sounds too formal, too friendly, or just feels strange, it’s probably fake.
Trust your gut feeling.

Keep your software updated.

Old browsers and systems are easier to hack. Update them regularly — it’s simple
but powerful protection.

So yeah, the internet’s kind of like a crowded market — full of good stuff, but also full
of pickpockets. Keep your eyes open, your clicks careful, and your brain switched
on. Because honestly, “Think before you click” isn’t just a slogan — it’s digital
survival.
Vipin (Acknowledging Participants)
“We’d also like to thank everyone who unknowingly helped make this simulation successful.
You gave us real data to show that awareness isn’t just about rules — it’s about habit.
And yes, we do have a few small prizes for participants we selected randomly — we’ll
announce their names at the end.”

Krishna (Key Takeaways)

“So, let’s summarize the habits that protect you from phishing and fraud:

1. Don’t trust links that ask for login info or rewards.

2. Never share OTPs, even with people who claim to be ‘official.’

3. If a message feels rushed — slow down.

4. Always check who’s really sending it.

And remember — scammers don’t hack computers first; they hack people’s trust.”

Hemant (Closing)
“This was a small step toward building a safer digital culture in school. Cyber safety isn’t just
for computer experts — it’s for everyone who uses a phone or email.
We’ll be continuing short awareness rounds in the coming weeks, and if anyone wants to
join our cyber awareness team, come talk to us later.

Optional Ending (Hemant)

“And by the way, if you got tricked — don’t feel bad. Even adults, teachers, and CEOs get
phished. The difference is — now you know better.”

and remember the rule that literally saves people from scams every day:
STOP. THINK and . VERIFY.”

THANK YOU……….
Tab 2
 Phishing Simulation Reveal

Hemant (Opening)
“Good morning, respected Principal, teachers, and my dear friends.

Today, we’re going to share something that might surprise you — and maybe even shock a
few.

A few days ago, many of you received a message that looked very official — something
about ‘winning prizes,’ ‘certificates,’ and a link to register.’

Well... here’s the twist. That message was actually sent by us.

Yes, you heard that right — it wasn’t a real offer. It was part of a cybersecurity awareness
simulation we designed.

And don’t worry — nobody’s in trouble. The goal wasn’t to catch anyone — it was to teach
everyone how easily we can be tricked online.”

(pauses for a few seconds for effect)

Abhimanyu (Reveal)
(steps forward, smiling slightly)
“So, here’s what actually happened behind the scenes.

We created a fake but harmless link, sent it to several students, and tracked who clicked it.

Some of you saw it and ignored it — good job!

But quite a few… clicked the link, filled out the form, and trusted it completely.

And that’s exactly what we wanted to show — how easily a professional-looking message
can fool even smart people.

Just to clarify — we didn’t collect any private data. No passwords, no OTPs, no phone
numbers — just whether you clicked or not.

This little experiment revealed one big truth — awareness is the best antivirus.”

Hemant (Why People Fell for It)

(speaking slowly, as if analyzing a crime scene)
“So why did it work? Why did people trust it?
Because that fake message had three powerful psychological triggers — the same ones
used by real hackers every single day.

First — Authority. It looked like it came from the school. When we see a familiar name or
logo, we automatically trust it.

Second — Urgency. It said ‘Limited time offer.’ When something feels urgent, our brain
switches from thinking to reacting — and we click fast.

Third — Reward. Who doesn’t like prizes, right? The message promised certificates and
rewards — the oldest trick in the scammer’s playbook.

And that’s exactly how real phishing scams trap people — by mixing trust, time pressure,
and temptation.”

Krishna (The Lesson)

(takes a deep breath, tone friendly but serious)
“Now, just think about your daily digital life.

How many messages do you get that sound official, urgent, or rewarding?
From WhatsApp forwards, random DMs, fake shopping offers, or emails from ‘banks’ asking
to verify your account — it’s everywhere.

But there’s one simple rule we want everyone to remember — Which goes like:

STOP. THINK. VERIFY.

Here’s what it means:

STOP — pause for 3 seconds before clicking any link. Give your brain time to think.

THINK — or in simple terms, check what the link really says. Move your cursor over it or
long-press on your phone to see where it goes.

VERIFY — confirm through another source. Ask your teacher, your parents, or visit the
official website instead of clicking unknown links.

These three steps might seem tiny — but they literally save people from losing money, data,
and identity every single day.”

Abhimanyu (Simple Habit)

“So from today onwards — whenever you get any message that looks even slightly
suspicious, don’t rush.

Just breathe, and remember the rule — STOP. THINK. VERIFY.

And let’s say you accidentally click a suspicious link or share some info — don’t panic, and
most importantly, don’t hide it.

Immediately tell your teacher or the IT team.

The faster you report it, the faster it can be stopped.

Even a small delay can let a scam spread, but early reporting can prevent the damage
completely.”

Vipin (Acknowledging Participants)

(smiling, a friendly tone)
“We’d like to take a moment to thank all the students who unknowingly became part of this
awareness exercise.

You helped us prove something very important — that cyber safety isn’t just about rules; it’s
about habits.

By observing how people reacted, we learned that even smart, careful users can be tricked
when something feels urgent or rewarding.

Krishna (Key Takeaways)

(summarizing calmly, clear tone)
“So, let’s wrap up with a few golden habits that protect you from phishing and online fraud:

# Don’t trust any link that asks for login info, passwords, or rewards.
# Never share your OTPs — even if someone claims to be from your school, bank, or
company.
# If a message feels rushed — slow down.
# Always check who’s really sending it — the sender’s address matters more than the logo.

And remember — hackers don’t hack computers first; they hack people’s trust.

If we guard that trust, we guard everything else.”

Hemant (Closing)
(steps forward to conclude)
“This was just a small step toward creating a safer digital culture in our school.

Cyber safety isn’t only for computer experts — it’s for everyone who uses a phone, laptop, or
social media account.

In the coming weeks, we’ll continue short awareness activities, quizzes, and mini-challenges
to make digital hygiene a daily habit.

And if anyone wants to join our Cyber Awareness Team — come talk to us after assembly.
Abhimanyu…..

“And hey, if you got tricked — don’t feel bad. Seriously. Even teachers, professionals, and
CEOs of big companies get Tricked.

The difference is — now you know better.

So remember the golden rule that literally saves people from scams every single day:
👉 STOP. THINK. VERIFY.

Thank you, and stay cyber-safe!”

Tab 3
Assembly Script — Phishing Simulation Reveal
Abhimanyu (Opening)
Good evening, everyone. So, we’ve got a bit of a confession today. A few days ago, many
of you got a message about the Inter-School Talent Competition — all shiny, official-looking,
and talking about prizes and certificates.
Well… that message was fake. Sent by us.

Before you panic — relax. No one’s in trouble. It was part of a cybersecurity awareness
exercise to see how easily people click when something looks official. Turns out, quite a few
of you did.

Hemant (Reveal)
Here’s what really happened. We sent that message to all the students. Some ignored it —
great job. But many clicked, filled out the form, and believed it completely.
That’s exactly what we wanted to show — how easily a phishing link can fool even smart
people when it looks trustworthy.
And don’t worry — we didn’t collect any sensitive data, just basic info to study the response.

Krishna (Why it worked)

So, why did so many fall for it? Because it had three perfect ingredients.
Authority — it looked like it came officially.
Urgency — it said “Register before 12 AM!”
Reward — prizes and certificates, of course.
When these three come together, even the cautious ones get trapped. That’s exactly how
real scammers play it.

Hemant (The Rule)

Here’s the golden rule to remember — say it with me: STOP. HOVER. VERIFY.
STOP — pause for a second before clicking.
HOVER — check where the link really goes.
VERIFY — confirm it’s official before acting.
That’s it. These three seconds can save you from days of regret.

Abhimanyu (What if you clicked)

If you did click, no shame in that. Even professionals fall for phishing every day. But here’s
the difference — smart people report it, not hide it.
So next time you think you clicked something wrong, go straight to the IT team or a teacher.
The faster you report, the less damage it can do.

Hemant
Now let’s go through ten super simple checks — things everyone here should know
before clicking anything online. You don’t need to be a tech genius; just remember these
habits.

First, always check who the message is really from.

Don’t just trust the name on top. Look at the email address.
If it says “VidyaGyan Admin” but the email is something weird like
vidyagyan123@[Link] — yeah, that’s not official. Real ones come from the school
domain, like @[Link].

Second, before you click any link, hover or long-press to see where it really leads.
If it says [Link] but actually shows some random site like [Link] —
that’s fishy. Don’t touch it.

Third, look for the lock symbol and https.

That small padlock on the browser bar means the site is secure.
But remember — a lock doesn’t mean it’s trustworthy. It just means it’s encrypted. Still, if
there’s no lock, don’t even think about typing passwords.

Fourth, don’t get trapped by “urgent” messages.

Anything shouting “Act now or lose access!” is designed to make you panic.
Schools or real institutions never talk like that. They give time and official notice.

Fifth, always check for spelling and design mistakes.

If the logo looks stretched, or it misspells, congratulations — you just spotted a fake one.

Sixth, never log in directly from a link someone sends.

If you need to log in, open the real website yourself — type the address or use a bookmark.
Links can be traps.

Seventh, watch out for random attachments.

If a strange file pops up — like “[Link]” or “[Link]” — don’t open it. Ask the IT
team first. Curiosity is not cybersecurity.

Eighth, double-check using another source.

If it says your teacher or a friend sent it, confirm with them through WhatsApp, Teams, or
face-to-face. Don’t reply to the suspicious mail itself.

Ninth, trust your gut.

If something feels off — too formal, too flattering, too weird — it probably is. Listen to that
feeling before you click.

And tenth, keep your phone and laptop updated.

Updates are boring, I know, but they patch the holes that hackers use.
Old devices thus become open doors.

Hemant (finishing the section)

So yeah — these ten tiny habits might sound simple, but they make a huge difference.
They’re like your seatbelt on the internet. You might not need them every day, but when you
do, they’ll save you.
Krishna (Tone shifts serious)
See, the internet’s like a crowded market — lots of good stuff, but also plenty of
pickpockets. Scammers don’t just steal passwords; they steal attention, trust, and common
sense.
So the next time something looks too good to be true — maybe it is.

Vipin (Acknowledgement)
We want to thank every student who unknowingly became a part of this experiment. You
helped us prove something big — that awareness doesn’t come from posters or boring rules,
it comes from experience.

Some of you clicked the link, some didn’t. But here’s the truth — nobody failed. Because
today, you saw how real phishing scams can look. And trust me, next time it could be your
bank, your Insta, or even a fake “update” trying to fool you.

Hemant
We didn’t collect anyone’s data or spy on anyone — this was purely to make you smarter,
not scared. Every suspicious link you avoid, every message you double-check, makes our
school’s digital world a little safer. So, from today — think before you click.

Abhimanyu (Closing)
This whole exercise wasn’t about catching anyone — it was about protecting everyone.
Cyber safety isn’t just for tech experts; it’s for anyone who touches a phone or email.
And remember, even CEOs and teachers get phished — but you now know how not to.

So, one last time — STOP. THINK. VERIFY.

That’s not just a rule. That’s your online seatbelt.

Thank you.