Computer Science · Grade 9

Active learning ideas

Common Cyber Threats

Active learning breaks down abstract cyber threats into tangible, hands-on experiences where students can see risks in action. By moving through stations, creating phishing emails, and role-playing attacks, they build both technical understanding and practical defenses.

Ontario Curriculum ExpectationsCS.HS.CY.3CS.HS.S.10
30–45 minPairs → Whole Class4 activities

Activity 01

Stations Rotation45 min · Small Groups

Stations Rotation: Threat Identification Stations

Prepare four stations with samples: malware descriptions to sort, phishing emails to flag, DoS impact videos to note, and ransomware case studies to discuss. Groups rotate every 10 minutes, recording key traits and defenses at each. Debrief as a class to compare findings.

Compare and contrast different types of malware (e.g., viruses, worms, ransomware).

Facilitation TipDuring Threat Identification Stations, circulate with a checklist to note which threats stump students and revisit those during the Malware Matching Game.

What to look forPresent students with three short scenarios. For each, ask them to identify the primary cyber threat described (malware, phishing, DoS) and briefly explain their reasoning. For example: 'An email arrives asking for your bank login to verify your account; what is this?'

RememberUnderstandApplyAnalyzeSelf-ManagementRelationship Skills
Generate Complete Lesson

Activity 02

Case Study Analysis30 min · Pairs

Phishing Email Creation Challenge: Pairs

Pairs craft realistic phishing emails using templates, then swap with another pair to identify scam indicators like poor grammar or fake URLs. Discuss effective defenses such as two-factor authentication. Vote on the most convincing scam.

Analyze the characteristics of a phishing attempt to identify potential scams.

Facilitation TipFor the Phishing Email Creation Challenge, provide a rubric upfront so pairs focus on realistic traits like urgency and sender spoofing, not just dramatic mistakes.

What to look forProvide students with a template asking them to name one type of malware and describe how it spreads. Then, ask them to list two specific actions they can take to protect themselves from phishing scams.

AnalyzeEvaluateCreateDecision-MakingSelf-Management
Generate Complete Lesson

Activity 03

Case Study Analysis35 min · Whole Class

Malware Matching Game: Whole Class

Display cards with malware definitions, examples, and effects. Students match them in a timed relay race across the room. Review matches and extend to real-world prevention strategies like updates and antivirus software.

Predict the potential impact of a successful cyberattack on an individual or organization.

Facilitation TipIn the Cyber Impact Role-Play, assign roles based on student interests to keep engagement high, but prompt each group to document their scenario’s consequences in writing.

What to look forPose the question: 'Imagine a popular online game server is taken offline by a DoS attack. What are three potential impacts on the players and the game company?' Facilitate a class discussion to explore consequences like lost revenue, player frustration, and damage to reputation.

AnalyzeEvaluateCreateDecision-MakingSelf-Management
Generate Complete Lesson

Activity 04

Case Study Analysis40 min · Small Groups

Cyber Impact Role-Play: Small Groups

Assign roles like individual user, small business owner, or school admin facing a threat. Groups predict and act out consequences, then brainstorm mitigation plans. Share strategies in a gallery walk.

Compare and contrast different types of malware (e.g., viruses, worms, ransomware).

Facilitation TipDuring the Malware Matching Game, assign a timekeeper to keep the whole-class discussion moving, but pause after each match to ask students to justify their choices aloud.

What to look forPresent students with three short scenarios. For each, ask them to identify the primary cyber threat described (malware, phishing, DoS) and briefly explain their reasoning. For example: 'An email arrives asking for your bank login to verify your account; what is this?'

AnalyzeEvaluateCreateDecision-MakingSelf-Management
Generate Complete Lesson

A few notes on teaching this unit

Teach cyber threats by connecting them to students’ lived experiences, such as fake login prompts they’ve seen or game server outages they’ve experienced. Avoid overwhelming them with jargon; instead, use comparisons like ‘a virus is like a flu that needs a host file to spread, while a worm is like a cold that jumps from person to person on its own.’ Research shows that active, collaborative tasks improve retention of technical concepts, so prioritize discussion and creation over lectures.

By the end of these activities, students should confidently identify malware types by their behaviors, detect phishing cues in varied formats, and articulate the real-world consequences of cyberattacks on individuals and organizations.

Watch Out for These Misconceptions

  • During Threat Identification Stations, watch for students grouping all malware together as ‘bad files’ that only spread through downloads.

    Use the Malware Matching Game to have students physically sort cards by behaviors: viruses need hosts, worms spread alone, and ransomware encrypts data. Ask them to debate why a ‘fake update’ link might be a worm, not a virus, using the station examples as evidence.

  • During the Phishing Email Creation Challenge, watch for students assuming phishing only happens in obvious emails with misspellings.

    Require pairs to include subtle phishing traits in their creations, like a spoofed sender address or a ‘limited-time’ offer. After sharing, facilitate a class vote on which emails felt most realistic, using the station samples as counterexamples.

  • During Cyber Impact Role-Play, watch for students dismissing attacks as only affecting big companies.

    Assign groups to role-play impacts on a student, a small business owner, and a gamer, then have them present their scenarios side by side. Use this to highlight how phishing or ransomware disrupts daily life, not just corporate networks.

Methods used in this brief

More in Networks and the Global Web

Introduction to Cloud Computing

Students will explore the concepts of cloud services, deployment models, and their advantages/disadvantages.

2 methodologies

Fundamentals of Cybersecurity

Students will define cybersecurity and identify its core principles (confidentiality, integrity, availability).

2 methodologies

Introduction to Cryptography

Students will explore basic cryptographic concepts, including symmetric and asymmetric encryption.

2 methodologies

Social Engineering Tactics

Students will learn about social engineering techniques and how attackers manipulate individuals to gain access.

2 methodologies

Digital Footprint and Online Privacy

Students will explore the concept of a digital footprint and strategies for managing online privacy.

2 methodologies