Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Information Security

Unit 03 - Lesson element - Don't go phishing! (DOC, 445KB)

advertisement 
Lesson Element
Unit 3: Cyber Security
Don’t Go Phishing!
Instructions and answers for tutors
These instructions cover the learner activity section which can be found on page 5. This
Lesson Element supports Cambridge Technicals in IT Level 3.
When distributing the activity section to the learners either as a printed copy or as a
Word file you will need to remove the tutor instructions section.
The activity
In this Lesson Element the learners are tasked with researching types of phishing and
presenting their findings in an information guide for a small business owner.
Suggested timings

Activity 1: 10 minutes

Activity 2: 10 minutes

Activity 3: 5 minutes

Activity 4: 5 minutes

Activity 5: 30 minutes

Activity 6: 30 minutes
ABC – This activity offers an
opportunity for English skills
development.
WORK – This activity offers
an opportunity for work
experience.
Activity 1
Begin by introducing your learners to the term phishing. A resource that you could make
reference to for this definition is found on the following web page:
http://niccs.us-cert.gov/glossary#letter_p
It presents a succinct definition of phishing.
Show the learners the following example of a phishing scam that affected Virgin Media
customers in March 2015. It presents a fake PayPal phishing page.
http://www.net-security.org/secworld.php?id=18153
Activity 2
Show the learners the following short video (8 minutes) produced by CompTIA.
https://www.youtube.com/watch?v=p4pLVN_hVsU
This video presents a short introduction to man-in-the-middle attacks.
Activity 3
Show the learners the following short video (3 minutes) produced by CompTIA.
https://www.youtube.com/watch?v=aL_m6jelF1M
This video presents a short introduction to vishing.
Activity 4
Show the learners the following short video (3 minutes) produced by CompTIA.
https://www.youtube.com/watch?v=IasCyIKGwlA
This video presents a short introduction to whaling.
2
Version 1
Copyright © OCR 2015
Activity 5
Ask the learners to research the following types of phishing:

Spear phishing.

Whaling.

Pharming.

Man-in-the-middle-attack.

Vishing.
Ask them to provide the following details of each type:

A definition.

How the attack is carried out.

The impact that it can have.
Direct your learners to refer to the following resources:
http://www.cpni.gov.uk/documents/publications/2013/2013053-spear-phishingunderstanding-the-threat.pdf?epslanguage=en-gb
The above web page discusses spear phishing in some detail.
https://www.natlbank.com/NBCT/media/pdfs/phishing.pdf
This resource produced by the National Banks of Central Texas, discusses how to recognize
phishing scams and fraudulent e-mails.
http://www.actionfraud.police.uk/fraud-az-phishing
A discussion on phishing.
https://www.fishnetsecurity.com/6labs/blog/tip-spear-phishing-or-spearphishing
A discussion on spear phishing.
http://www.scambusters.org/whaling.html
A discussion on whaling.
3
Version 1
Copyright © OCR 2015
Activity 6
Ask your learners to create an information guide for a small business owner. Ask them to
document all the sources of information that they use in a detailed bibliography.
We’d like to know your view on the resources we produce. By clicking on ‘Like’ or ‘Dislike’ you can help us to ensure that
our resources work for you. When the email template pops up please add additional comments if you wish and then just
click ‘Send’. Thank you.
If you do not currently offer this OCR qualification but would like to do so, please complete the Expression of Interest
Form which can be found here: www.ocr.org.uk/expression-of-interest
OCR Resources: the small print
OCR’s resources are provided to support the teaching of OCR specifications, but in no way constitute an endorsed teaching method that is required by the Board, and the decision to
use them lies with the individual teacher. Whilst every effort is made to ensure the accuracy of the content, OCR cannot be held responsible for any errors or omissions within these
resources.
© OCR 2015 - This resource may be freely copied and distributed, as long as the OCR logo and this message remain intact and OCR is acknowledged as the originator of this work.
OCR acknowledges the use of the following content: Maths and English icons: Air0ne/Shutterstock.com
Please get in touch if you want to discuss the accessibility of resources we offer to support delivery of our qualifications: resources.feedback@ocr.org.uk
4
Version 1
Copyright © OCR 2015
Lesson Element
Unit 3: Cyber Security
Learner Activity
Don’t Go Phishing!
In this Lesson Element you are going to research types of phishing and present your findings
in an information guide for a small business owner.
Activity 1
In this task you are going to focus on the term phishing.
The following web page presents a definition of the term:
http://niccs.us-cert.gov/glossary#letter_p
Make notes and ask your tutor to clarify anything that you are unsure of.
Read through the following example of a phishing scam that affected Virgin Media
customers in March 2015. It presents a fake PayPal phishing page.
http://www.net-security.org/secworld.php?id=18153
Activity 2
In this task you are going to watch the following short video produced by CompTIA. It is a
short introduction to man-in-the-middle attacks
https://www.youtube.com/watch?v=p4pLVN_hVsU
Make notes and ask your tutor to clarify anything that you are unsure of.
Activity 3
In this task you are going to watch the following short video produced by CompTIA. It is a
short introduction to vishing.
https://www.youtube.com/watch?v=aL_m6jelF1M
Make notes and ask your tutor to clarify anything that you are unsure of.
Version 1
5
Copyright © OCR 2015
Activity 4
In this task you are going to watch the following short video produced by CompTIA. It is a
short introduction to whaling.
https://www.youtube.com/watch?v=IasCyIKGwlA
Make notes and ask your tutor to clarify anything that you are unsure of.
Activity 5
Research the following types of cyber security incidents:

Spear phishing.

Whaling.

Pharming.

Man-in-the-middle-attack.

Vishing.
Provide the following details of each type of attack:
Version 1

A definition.

How the attack is carried out.

The impact that it can have.
6
Copyright © OCR 2015
The following news websites and news blogs will help you with your research:
http://www.cpni.gov.uk/documents/publications/2013/2013053-spear-phishingunderstanding-the-threat.pdf?epslanguage=en-gb
This discusses spear phishing in some detail.
https://www.natlbank.com/NBCT/media/pdfs/phishing.pdf
This resource produced by the National Banks of Central Texas, discusses how to recognize
phishing scams and fraudulent e-mails.
http://www.actionfraud.police.uk/fraud-az-phishing
This discusses phishing.
https://www.fishnetsecurity.com/6labs/blog/tip-spear-phishing-or-spearphishing
This discusses spear phishing.
http://www.scambusters.org/whaling.html
This discusses whaling.
Document all the sources of information that you use in a detailed bibliography.
Activity 6
Create an information guide, based on your findings and ensure that you include a detailed
bibliography that contains the sources of all the information that you have referred to.
Version 1
7
Copyright © OCR 2015
Related documents
The following malicious email was received by members of the
The following malicious email was received by members of the
Internet Safety - CFFinfo
Internet Safety - CFFinfo
Download
advertisement