Summary

This lesson will increase student awareness of the concept that there are dangers associated with Internet usage. It addresses Internet Security with issues inherent to Internet usage: viruses, worms, Trojan horses, and identity theft. The primary objective of this lesson is to equip students with knowledge that will enable them to make responsible choices regarding their Internet use, to prevent security risks.

Outcomes

• Students will be able to identify key general attributes of the threats to the security of computers and information via the Internet such as viruses, worms, and Trojan Horses.
• Students will understand critical attributes of the sources, and consequences to individuals and society, of identity theft.
• Students will understand how to protect themselves and their computers from external threats.
• Students will develop a strategy to inform others of the security risks inherent to Internet usage.

Overview

Session 1

1. Getting Started (20 min) - Introduce vocabulary and discuss Internet security.
2. Guided Activity (30 min) - Students explore malicious code and its effects.

Session 2

1. Independent Activity (45 min) - Students explore Identity Theft and create an action plan to combat it.
2. Wrap Up (5 min) - Journaling about problems associated with the Internet.

Sources

• http://www.mwcsk12.org/faculty/twilson/ic3/i-safe/9-12/cyber%20security/Webcast%20Malicious%20Code.pdf - this lesson plan is based on using I-Safe. Since this is a subscription site, only parts of this lesson was used for inspiration and progression of the content instruction.
• http://www.tdbank.com/wowzone/lessons/gr9-12lesson10.pdf

Students will:

• Learn about the different types of malicious code and how to take prevention steps to safeguard their systems, data, and identity.
  
  
• Develop and practice habits of critical thinking when going online.
  
  
• Be able to help friends and family safeguard their systems, data, and identity online by advising them with secure cyber practices.

• How is cybersecurity impacting the ever increasing number of Internet users?
• What are some potential beneficial and harmful effects of computing?

• What are different types of malicious code and what is the intention of each attack?
• How can internet users protect themselves from malicious code and prevent such cybercrime attacks?
• How can internet users follow secure practices to reduce the risk of identity theft?

Vocabulary:

• Malicious Code
• Malware
• Virus
• Worm
• Rootkits
• Keyloggers
• Rootkits
• Spyware
• Adware
• Ransomware
• Bot
• Cybercrime
• Greyware
• Identity Theft
• Anti-virus
• Anti-spyware
• Anti-adware
• Restore point setting
• Backup
• Virus hoax
• Skimming
• Dumpster diving
• Phishing
• FTC

Teacher's resources:

• NA SAIT Security Video - Malicious Code - Malware Video - https://www.youtube.com/watch?v=7wAHZLFiY-E

Students' resources:

• writing journals
• blogs

Session 1

Getting Started (20 min)

1. Introduce the topic: Inform the students that today they will be talking about Internet security and participating in discussions about the dangers of viruses, worms, and Trojan horses, along with resources and prevention tips.
2. Ask students to define what they know about Internet security and malicious code. 
   • Malicious code is programming code designed with a harmful intent (to hack, cause damage, etc.). With Internet usage comes rights and responsibilities to protect your computer from malicious code. Malicious code causes millions of dollars in damage every year.
3.  Ask students to explain what they know about how the Internet works. Discuss how malicious code can spread across many computers so quickly.
   • Examine the idea of interconnectedness.
     
     
4. Introduce key vocabulary that will be used in the video (Have students write these words in their journals):
   • Malicious Code
   • Malware
   • Virus
   • Worm
   • Rootkits
   • Keyloggers
   • Rootkits
   • Spyware
   • Adware
   • Ransomware
   • Bot
   • Cybercrime
   • Greyware
   • Identity Theft
   • Anti-virus
   • Anti-spyware
   • Anti-adware
   • Restore point setting
   • Backup
   • Virus hoax
   • Skimming
   • Dumpster diving
   • Phishing
   • FTC

Guided Activity (30 min) - Malicious Code

1. Play the NA SAIT Security Video: "Malicious Code - Malware" at https://www.youtube.com/watch?v=7wAHZLFiY-E
   • AnnMarie Keim, IT Specialist, discuss the concepts of Internet Security and introduce the different types of malicious code and how to protect from this type of cybercrime.
2. Review the following words from previous lessons:
   • routers
   • firewalls
3. Students should consider the following questions and discuss their answers as a class:
   1. Have you or someone you’ve known experienced a virus, worm or Trojan horse? What was the outcome? What did you take away from this experience?
      • Cover the following:
        • Time involved fixing malicious code
        • Money spent – (by corporations and by individual to protect computer)
        • Frustration involved
   2. How can you avoid malicious code? 
      • Possible Answers:
        • Anti-virus software
        • Anti-spyware software
        • Anti-adware software
        • Restore points
        • Keep patches and updates current on your computer
        • Careful use of email
        • Careful use when downloading items
4. Show Famous Examples of Malware:
   • Famous viruses are used as examples:
     • When hackers attack: Five famous computer viruses: http://metro.co.uk/2010/08/11/when-hackers-attack-five-famous-computer-viruses-476483/
5. The concept of virus hoaxes is introduced:
   • http://www.nonprofit.net/hoax/infamy.html
6. Worms are introduced with famous ones used as examples:
   • The Most Famous (or Infamous) Viruses and Worms of All Time - http://www.eweek.com/c/a/Security/The-Most-Famous-or-Infamous-Viruses-and-Worms-of-All-Time/
7. Trojan horses are introduced and explained.
   • The 5 Top Worst Trojan Horses: http://www.zdnet.com/blog/btl/the-5-worst-computer-viruses/79014 

Session 2

Independent Activity (45 min)

Part 1 (20 min) - Introducing Identity Theft

1. Lead the students in a discussion, using the following open-ended questions as a guide, to discuss the concept and consequences of identity theft online.
   1. Have you, or someone you know, been the victim of identity theft? If yes, how was it handled?
      • What were the consequences?
      • What did the victim go through?
      • What did you take away from this experience?
2. The teacher will give this speech to the class: "Today we are going to learn about a fast-growing financial crime: identity theft. You will be able to list the common techniques used to steal one’s identity and know how to report that one’s identity is stolen. You will be able to list some behaviors to protect your financial records and personal information and to operate more safely online and with mobile devices.”
3. Present information about Identity theft. The consequences for all involved are discussed along with prevention tips and resources.
   • Definitions:
     • Identity theft is when a person acquires and then uses your name (and address, Social Security number) in order to apply for a credit card in your name or purchase products in your name.
     • Phishing occurs with electronic communication such as e-mail or text messaging. It is when someone pretends to be someone or something they are not to acquire your passwords, credit card or bank account information, or other personal information.
     • FTC: The Federal Trade Commission is an independent federal government agency (since 1914) whose mission is to promote consumer protection and help deter anti-competitive and unethical business practices such as deceptive advertising, phishing, and identity theft.
   • Watch 1 - 2 instructional videos by the Federal Trade Commission on identity theft.
     • “Identity Theft” (1 minute, 8 seconds) at: http://www.youtube.com/watch?v=-IEBVIh7bzc
     • FTC – Identity Theft.mp4 (1 minute, 53 seconds) at: http://www.youtube.com/watch?v=OoPJImjP1ZQ
   • Watch a video on phishing from CommonCraft.com (CommonCraft is a small company that makes videos intended for classroom use. You can join on the website, but some of their videos are free on YouTube):
     • “Phishing Scams in Plain English” (3 minutes, 5 seconds) at: http://www.youtube.com/watch?v=sqRZGhiHGxg&feature=relmfu
   • Review the major points of the videos. If your classroom does not have access to the Internet, the major points are:
     1. The top methods for stealing a person’s identity:
        • Dumpster Diving: Going through a person’s or household’s trash to look for credit card offers, bills, bank account numbers, pay stubs, anything with Social Security numbers, birth dates, bank or credit account number, or other personal information.
        • Skimming: Stealing credit card numbers with a small hand-held unit that can store your credit card number with a quick swipe of your card.
        • Phishing: Pretending to be a legitimate financial institution, government agency, or company though an e-mail, a pop-up message, a text message, etc.
        • Changing your address: Completing a change of address card at the Post Office to defer your mail to another location other than your home. Or hacking into your e-mail or online accounts to change your address or steal your personal information.
        • Stealing: Stealing mail from a person’s U.S. postal service mailbox, or stealing your mailed Income Tax Return; stealing wallets or purses; bribing employees who have access to employee personnel records.
4. Ask students if they can think of other unscrupulous methods for attempting to steal one’s identity or cleverly disguise phishing. Ask them if they have ever received a spam text message (it is likely that they have).
5. Ask students to come up with a list of the harmful things that could occur if your identity is stolen, for example:
   • Someone could withdraw money from your bank account using a debit card or credit card in your name.
   • Your credit score could drop if you exceed your credit limit.
   • You have to take the time and go through the expense of cancelling accounts, getting new accounts and account numbers, etc.

Part 2 (25 min) - Activity

1. Students will create an "Identity Theft Prevention Action Plan," including a purpose and list of ten guidelines, to share with family and friends after they have researched prevention tips on the FTC website.
   • Students may use their choice of the following Web 2.0 websites to create their action plan:
     • http://www.powtoon.com/ - create a presentation
     • http://www.livebinders.com/welcome/home  - create a curation
     • http://goanimate.com/  - create an animation
     • https://www.podomatic.com/login  - create a podcast
     • http://piktochart.com/  - create an infographic
   • Students will embed their action plan to a blog post in order to share with teacher, classmates, friends, and family. Students should email friends and family (minimum of three people with the teacher cc'd) the link to this blog post on Identity Theft Prevention Action Plan (title of blog post and subject line of email).
   • Possible Answers - What to do if you are a victim of Identity Theft: 
     • The FTC’s website is a one-stop resource to both learn about identity theft and walk you through the appropriate actions if your identity is stolen: http://www.ftc.gov/bcp/edu/microsites/idtheft/
     • Some possible steps if your identity is stolen:
       • Report the identity theft to the three major credit bureaus: Experian, TransUnion, and Equifax.
       • File a police report with local law enforcement.
       • Report the theft to the FTC online at www.ftc.gov/idtheft or by phoning 1-877-ID-THEFT (1-877-438-4338).
     • Possible ways for Deterring Identity Theft:
       • Shred financial documents that are not being kept for safeguarding. [This allows a teacher to cover the kind of information that should be held and for how long (in years). It also allows a teacher to cover what documents are best kept in a safe deposit box, a home safe, regular home files, etc.]
       • Do not carry around your Social Security card in your wallet.
       • Do not give out personal information over the phone or over the Internet unless you are absolutely sure who you are dealing with.
       • Choose computer and electronic passwords with care by avoiding birth dates, your Social Security number, your mother’s last name, etc.
       • Try not to have your postal mail pile up in your mailbox for several days; if you are going to be away for a few days, have your mail held at the post office until you return.
       • Do not click on suspicious links in e-mail or complete forms with your account number and password. Check the web address.
       • Be suspicious about regular bills that do not arrive on time, denials of credit for no apparent reason, calls or letters about purchases you did not make, charges on your financial statements that you do not recognize.
       • Use a password to access your mobile devices such as your cell phone, tablet (iPad), etc., just as you would have a password to get access to your e-mail accounts.

Wrap Up (5 min)

Students will read the following prompt and respond in their journals:

• The only 100% way to prevent malicious code attacks and identity theft is to not go on the Internet. 
• Do you see that as a viable solution for individuals? Corporations? Support your answer.

Homework

On your home computer, see how vulnerable you are to malware and identity theft:

• Carry out some remedies and prevention tips (minimum of three tasks) that you learned today.
• On your blog, list what you did to safeguard your system, your data, and your identity.
• Be prepared to share in the next class

Extensions/Differentiation:

• Malicious Activity World Map - http://www.team-cymru.org/Monitoring/Malevolence/maps.html - a map that shows malicious activity in world
• Malware Classifications - http://maple.cs.umbc.edu/ce21/instruction/login - provides classifications of different types of malware
• Current Threat Activity - http://www.trendmicro.com/us/security-intelligence/current-threat-activity/ - shows what the current malware threats are and what can be used to prevent them from impacting your computer.
• The Malicious Top Ten - http://www.trendmicro.com/us/security-intelligence/current-threat-activity/malicious-top-ten/index.html - Top ten countries with malicious sources
• Threat Encyclopedia - http://about-threats.trendmicro.com/us/glossary/all
• Threat Intelligence Resources - http://about-threats.trendmicro.com/us/infographics
•  Why do cyber attackers do what they do? - http://about-threats.trendmicro.com/us/security-roundup/2014/1Q/cybercrime-hits-the-unexpected/

• Journal writings
  • Introduction question prompts
  • Wrap-up question prompt
    
    
• Class discussions - answers, input, and further inquiry by students
  
  
• Identity theft prevention plan

Unit Assessment and Investigate/Explore Performance Project – at end of unit.