Cybersecurity Threats: Phishing & Malware
Understanding common threats like phishing and malware and how to defend against them.
About This Topic
Cybersecurity threats like phishing and malware pose real risks to individuals online. In Year 7, students explore phishing as deceptive emails or messages that trick users into sharing personal data or clicking harmful links. They identify common signs such as urgent language, unexpected attachments, and suspicious sender addresses. Malware includes viruses that replicate and damage files, trojans that disguise themselves as legitimate software, and ransomware that locks devices until payment is made. Students learn why hackers target individuals: personal data fuels identity theft, and everyday users often lack the strong defences that corporations have.
This topic aligns with KS3 Computing standards on online safety and cybersecurity within the Impacts and Digital Literacy unit. It develops critical thinking by analysing threats and evaluating defences like strong passwords, software updates, and two-factor authentication. Students connect these concepts to daily digital habits, fostering responsible online behaviour.
Active learning suits this topic well. Role-playing phishing scenarios or dissecting mock emails in groups makes abstract threats concrete. Simulations of malware spread encourage collaborative problem-solving, helping students internalise safe practices through trial and reflection.
Key Questions
- Explain why hackers target individuals rather than just large corporations.
- Analyze the common characteristics of a phishing attempt.
- Differentiate between various types of malware and their impact.
Learning Objectives
- Analyze the common tactics used in phishing attempts to deceive individuals.
- Differentiate between at least three types of malware (e.g., virus, trojan, ransomware) and explain their distinct impacts.
- Evaluate personal online behaviours and propose specific strategies to mitigate the risk of phishing and malware infection.
- Explain why cybercriminals target individuals, citing at least two motivations.
Before You Start
Why: Students need a basic understanding of how the internet works and common communication methods like email to grasp how threats are delivered.
Why: Prior knowledge of responsible online behaviour provides a foundation for understanding the consequences of falling victim to cyber threats.
Key Vocabulary
| Term | Definition |
| --- | --- |
| Phishing | A fraudulent attempt, usually made through deceptive emails, messages, or websites, to trick individuals into revealing sensitive information like passwords or credit card details. |
| Malware | Short for malicious software, this includes viruses, worms, trojans, ransomware, and spyware designed to harm or exploit computer systems or data. |
| Ransomware | A type of malware that encrypts a victim's files, demanding a ransom payment, typically in cryptocurrency, to restore access. |
| Trojan Horse | Malware disguised as legitimate software or a useful file, which, once executed, allows attackers to gain unauthorized access or cause damage. |
| Social Engineering | The psychological manipulation of people into performing actions or divulging confidential information, often used as a component of phishing attacks. |
Watch Out for These Misconceptions
Common Misconception: Phishing emails only come from unknown senders.
What to Teach Instead
Phishing often mimics trusted contacts or banks to create a false sense of security. Active role-plays where students craft and spot fakes reveal how familiarity lowers people's guard. Group discussions refine detection skills through shared examples.
Common Misconception: Antivirus software stops all malware completely.
What to Teach Instead
Antivirus detects known threats but misses new variants; safe habits matter more. Simulations of malware bypassing scans show this gap. Hands-on trials with mock infections build layered defence awareness.
Common Misconception: Hackers target people for fun, not real gain.
What to Teach Instead
Hackers seek data for fraud or sale, targeting individuals as easy marks. Analysing case studies in groups connects motives to impacts. Collaborative threat mapping clarifies economic drivers.
Active Learning Ideas
Stations Rotation: Threat Identification Stations
Prepare four stations with sample phishing emails, malware descriptions, hacker motivation articles, and defence checklists. Students rotate every 10 minutes, annotating examples and discussing traits in their groups. End with a class share-out of key findings.
Pairs: Phishing Email Dissection
Provide pairs with three emails: one real phishing email, one safe email, and one borderline case. Pairs highlight red flags like poor grammar or urgent demands, then justify their classifications. Each pair presents one email to the class for a peer vote.
Whole Class: Malware Simulation Game
Use a digital tool or board game where malware spreads across a network of student 'devices.' Students vote on actions like updating software to contain it. Debrief on real-world impacts and prevention.
Individual: Defence Strategy Posters
Students research one defence method, such as recognising phishing or using antivirus. They create posters with steps and examples, then gallery walk to peer-review and add feedback.
Real-World Connections
- Cybersecurity analysts at companies like Google investigate millions of reported phishing emails daily, developing filters and security protocols to protect users of services like Gmail.
- Individuals can become victims of identity theft if their personal data, stolen through phishing, is sold on the dark web to criminals who then open fraudulent accounts or take out loans in their name.
- The National Health Service (NHS) experienced significant disruption from the WannaCry ransomware attack in 2017, highlighting how malware can impact critical public services and patient care.
Assessment Ideas
Provide students with three short scenarios describing online interactions. Ask them to identify which scenario represents a phishing attempt, explain why, and suggest one action they would take to stay safe.
Pose the question: 'Why might a hacker be more interested in stealing your social media password than a large bank's entire customer database?' Facilitate a class discussion, guiding students to consider the value of individual data and the ease of targeting less protected users.
Present students with a mock email that contains common phishing indicators (e.g., urgent tone, generic greeting, suspicious link). Ask them to highlight at least two red flags and explain what makes them suspicious.