Understanding Phishing Scams: A Cyber Safety Lesson for High School
This lesson plan provides a comprehensive guide for educators to teach high school students about phishing scams, their impact, and how to protect themselves. It includes objectives, materials, a warm-up activity, main instruction, and assessment methods.
Objectives
- Define phishing and explain its purpose.
- Identify common phishing techniques.
- Recognize the potential consequences of falling victim to phishing.
- Apply strategies to protect themselves from phishing attacks.
Materials
- Computers with internet access
- Projector
- Handouts with examples of phishing emails and websites (can be real or fabricated for educational purposes)
- Quiz or worksheet for assessment
Warm-up Activity (5 minutes)
- Initiate a brief class discussion about online safety. Ask students about their experiences with suspicious emails or websites.
- Pose the question: "What makes you suspicious of an email or website?" Gather a few quick responses.
Main Instruction
1. Defining Phishing (10 minutes)
- Explain that phishing is a type of online fraud where criminals attempt to trick individuals into revealing sensitive information, such as usernames, passwords, credit card details, and personal identification numbers (PINs).
- Show examples of real or fabricated phishing emails. Highlight common elements such as urgent requests, grammatical errors, and suspicious links.
2. Common Phishing Techniques (15 minutes)
- Discuss how phishers often use deceptive links that appear legitimate but redirect to fake websites. Explain how to hover over links to preview the actual URL.
- Explain the use of scare tactics, such as claiming that an account will be suspended if information is not provided immediately.
- Describe how some phishing scams offer rewards or prizes to lure victims.
- Explain 'spear phishing', which targets specific individuals with personalized information to increase credibility.
3. Consequences of Phishing (10 minutes)
- Explain potential identity theft and financial loss.
- Discuss compromised online accounts (email, social media, banking).
- Describe damage to reputation and credit score.
4. Protection Strategies (15 minutes)
- Emphasize the importance of verifying the sender's identity by contacting the organization directly through official channels (phone, official website).
- Advise students to be cautious of emails requesting personal information. Legitimate organizations rarely ask for sensitive data via email.
- Teach students to hover over links before clicking to check the actual URL.
- Promote the use of strong, unique passwords and multi-factor authentication (MFA).
- Encourage students to keep software and antivirus programs up-to-date.
- Advise against opening attachments or clicking links from unknown senders.
- Highlight the importance of reporting suspicious emails to the relevant authorities (e.g., IT department, Anti-Phishing Working Group).
Assessment
Use these questions to assess student understanding of phishing scams. Encourage discussion and critical thinking.
- What is phishing, and what is its main goal?
- Give three examples of common phishing techniques.
- What are the potential consequences of falling for a phishing scam?
- What steps can you take to protect yourself from phishing attacks?
- Why is it important to verify the sender's identity before providing personal information?
- What should you do if you receive a suspicious email?
- Explain the importance of using strong passwords and multi-factor authentication.