Cybersecurity Basics: Phishing and Scams
Students learn to identify common online threats like phishing emails and scams, and strategies to protect themselves.
About This Topic
Cybersecurity basics introduce Year 6 students to phishing emails and online scams, threats they encounter on devices and social platforms. Students examine key characteristics: urgent requests for passwords, unknown senders with generic greetings, spelling errors, suspicious links, and attachments. They practice differentiating legitimate messages from fakes and build checklists with steps like checking sender details, hovering over links without clicking, and verifying through official sites.
This content supports the UK National Curriculum's KS2 Computing focus on online safety within the global web unit. It cultivates digital literacy, critical thinking, and responsible habits that extend to family protection and future tech use. By linking to everyday scenarios, such as fake prize offers or bank alerts, students grasp the real impact of threats on personal data and finances.
Active learning excels in this topic because students engage directly with mock threats through sorting tasks and role-plays. These methods transform passive warnings into memorable skills, encourage peer teaching, and build confidence in spotting dangers collaboratively.
Key Questions
- Analyze the characteristics of a phishing email or online scam.
- Differentiate between legitimate and suspicious online communications.
- Construct a checklist for identifying potential online threats.
Learning Objectives
- Analyze the common features of phishing emails and online scams, such as urgent language, suspicious links, and unexpected attachments.
- Differentiate between legitimate online communications and fraudulent attempts to obtain personal information.
- Create a personal checklist of at least five criteria to evaluate the safety of an online message or request.
- Explain the potential consequences of falling victim to online scams, including identity theft and financial loss.
Before You Start
Why: Students need a foundational understanding of responsible online behavior before learning about specific online threats.
Why: Familiarity with how the internet and email work is necessary to understand the context of phishing and scams.
Key Vocabulary
| Phishing | A type of online scam where criminals impersonate legitimate organizations or individuals to trick people into revealing sensitive information, like passwords or credit card numbers. |
| Scam | A dishonest scheme, often online, designed to trick people out of money or personal data. Phishing is a specific type of scam. |
| Suspicious Link | A web address in an email or message that looks unusual, may be misspelled, or leads to a website different from what is expected, often designed to steal information. |
| Personal Information | Details about yourself that should be kept private, such as your full name, address, date of birth, passwords, and bank account details. |
| Two-Factor Authentication | An extra layer of security for online accounts that requires two different pieces of evidence to verify your identity, like a password and a code sent to your phone. |
Watch Out for These Misconceptions
Common MisconceptionEmails from familiar company names are always safe.
What to Teach Instead
Phishers copy logos and names exactly but use fake domains. Sorting activities with peer justification help students spot subtle differences like 'bankk.com' versus 'bank.com'. Group discussions reinforce checking official sources.
Common MisconceptionLinks from friends on social media are trustworthy.
What to Teach Instead
Accounts get hacked, spreading scams. Role-play scenarios let students practice verifying with the friend offline, building caution through trial and shared feedback in pairs.
Common MisconceptionOnly adults face online scams.
What to Teach Instead
Children receive phishing too, like fake game rewards. Analyzing child-targeted examples in class reveals patterns, with collaborative checklists correcting assumptions and promoting universal vigilance.
Active Learning Ideas
See all activitiesGroup Sort: Phishing Email Detective
Print 10 sample emails, half real and half phishing. Small groups sort them into 'safe' or 'threat' piles and note evidence for each choice. Groups share one example with the class for whole-group discussion.
Pairs Role-Play: Scam Call Challenge
Pairs take turns as 'scammer' and 'victim' using scripted phone or chat scenarios. The victim practices safe responses like hanging up or blocking. Switch roles and debrief on effective strategies.
Whole Class: Checklist Builder
Brainstorm phishing red flags on the board. Vote on top five for a class checklist. Students copy it and test against new examples projected on screen.
Individual: Threat Spotter Quiz
Provide screenshots of websites and messages. Students mark suspicious elements with sticky notes and justify choices in writing. Collect for feedback.
Real-World Connections
- Cybersecurity analysts at companies like Google and Microsoft constantly monitor for new phishing techniques to protect millions of users from fake login pages and malware.
- Your bank, such as Barclays or HSBC, will never ask for your PIN or full password via email or text message; they use secure methods for verification.
- Online shopping websites like Amazon or eBay use security measures to protect customer data, but users must still be vigilant against fake order confirmation emails that try to steal payment details.
Assessment Ideas
Provide students with three sample email subject lines. Ask them to write 'Safe' or 'Suspicious' next to each and briefly explain their reasoning for at least one 'Suspicious' choice.
Present a mock phishing email on the board. Ask students to identify at least three red flags within the email and explain why each is a warning sign.
Ask students: 'Imagine a friend received a message saying they won a prize but need to pay a small fee to claim it. What advice would you give them based on what we've learned about scams?'
Frequently Asked Questions
What are key signs of phishing emails for Year 6?
How can active learning help students grasp phishing and scams?
What strategies protect Year 6 students from online scams?
How to teach cybersecurity basics in Year 6 Computing?
More in The Global Web and Network Infrastructure
Introduction to Networks: Local Connections
Students explore how devices connect in a local area network (LAN) and the basic components involved.
2 methodologies
Data Packets: Breaking Down Information
Students learn how large pieces of data are broken into smaller packets for efficient transmission across networks.
2 methodologies
The Internet: A Global Infrastructure
Students distinguish between the physical infrastructure of the internet (cables, servers) and the World Wide Web.
2 methodologies
The World Wide Web: Clients and Servers
Students explore how web browsers (clients) request information from web servers to display websites.
2 methodologies
URLs and IP Addresses
Students learn about Uniform Resource Locators (URLs) and Internet Protocol (IP) addresses and their roles in locating web resources.
2 methodologies
Introduction to Network Security
Students are introduced to basic concepts of network security, including the importance of strong passwords and safe online practices.
2 methodologies