Computer Science
Grade 9
20 min
2. Common Cyber Threats: Malware, Phishing, and Social Engineering
Introduce common cyber threats such as malware, phishing, and social engineering attacks.
Tutorial Preview
1
Introduction & Learning Objectives
Learning Objectives
Define malware, phishing, and social engineering.
Differentiate between common malware types like viruses, worms, trojans, and ransomware.
Identify at least four key characteristics of a phishing attempt in an email or text message.
Explain how social engineering tactics use psychology (like urgency or trust) to manipulate people.
Analyze a suspicious digital message and determine the appropriate, safe course of action.
Describe three preventative measures to protect themselves from these common cyber threats.
Ever gotten a text saying you've won a new phone you never signed up for? 🤔 Let's investigate the tricks cyber attackers use to fool us.
In this lesson, we'll explore the world of digital threats, focusing on malware, phishing, and...
2
Key Concepts & Vocabulary
TermDefinitionExample
MalwareShort for 'malicious software,' it's any software intentionally designed to cause damage to a computer, server, client, or computer network.A virus that you accidentally download which corrupts your school project files, making them unreadable.
PhishingA cyber attack where scammers try to trick you into giving up sensitive information (like passwords or credit card numbers) by pretending to be a trustworthy company or person in an email, text, or direct message.You receive an email that looks like it's from Netflix, saying your account is suspended. It asks you to click a link and re-enter your credit card details on a fake website.
Social EngineeringThe art of psychologically manipulating people into performing actions or revealing confide...
3
Core Syntax & Patterns
The Urgency & Fear Tactic
IF a message creates a strong sense of urgency or fear, THEN it is highly suspicious.
Attackers use phrases like 'URGENT ACTION REQUIRED' or 'Your account has been compromised!' to make you panic and act without thinking. Legitimate organizations typically do not use such high-pressure tactics.
The Link Verification Rule
ALWAYS hover over a link to preview the destination URL BEFORE you click it.
Phishing attacks rely on you clicking a malicious link. The text might say 'netflix.com/login', but hovering over it might reveal the true destination is 'secure-login-netflix.scamsite.biz'. If the previewed URL doesn't match the expected official website, do not click.
The 'Too Good To Be True'...
4 more steps in this tutorial
Sign up free to access the complete tutorial with worked examples and practice.
Sign Up Free to ContinueSample Practice Questions
Challenging
A social engineering attack often bypasses technical security controls (like firewalls) by targeting the human element. Which preventative measure is MOST effective at mitigating a social engineering attack where an attacker tries to trick you into revealing your password?
A.Enabling Two-Factor Authentication (2FA).
B.Using an up-to-date antivirus program.
C.Having a very strong and complex password.
D.Encrypting your hard drive.
Challenging
An attacker sends a phishing email pretending to be from a charity, asking for donations to help victims of a recent natural disaster. This social engineering tactic primarily exploits which human emotion?
A.Fear
B.Greed
C.Curiosity
D.Empathy and Trust
Challenging
A user downloads a 'free photo editor' (a Trojan). After installation, the program secretly installs another piece of malware that spreads to other computers on the network without user interaction. Finally, this second piece of malware encrypts the files on all infected computers. What three types of threats are demonstrated in this sequence?
A.Trojan, Worm, Ransomware
B.Virus, Phishing, Social Engineering
C.Ransomware, Virus, Trojan
D.Phishing, Worm, Virus
Want to practice and check your answers?
Sign up to access all questions with instant feedback, explanations, and progress tracking.
Start Practicing Free