The main rule of online shopping is this: a child’s access to money should be limited and under the control of parents.
It happens like this: the user is sent a link to the site, very similar to the real address of a postal service or social network. Typically, phishers specifically buy such domains. The attacker waits for a person to enter a username or password on a fake site. So he learns the data, and then uses it to enter the real profile of his victim.
The creators of phishing resources distract the buyer from examining the page and looking for any signs of a fake. Therefore, scammers track “hype” topics and try to play on human emotions. And then there is a whole range of them: you can put pressure on greed and offer to win a cool gadget or a cash prize, you can also play on the feeling of fear. For example, the site may offer to check if a bank card is listed in the registry of data stolen by hackers. And for this, all you need to do is enter your data.