Start PL

Cybercrime – threats and consequences

Project "Innovations in VET education" is co-funded by the European Union

Introduction to the WebQuest Topic
Information for the teacher

Wprowadzenie do tematu WQ

In today's rapidly developing digital world, cybercrime is one of the biggest threats to privacy, security, and the functioning of information systems worldwide. From minor internet fraud to sophisticated attacks on corporate servers, cybercriminals use various techniques to gain access to confidential data or disrupt system operations. The goal of this WebQuest is to understand the mechanisms of cybercrime and learn effective protection methods.

By understanding the threats posed by cyberattacks, such as phishing, ransomware, DDoS, and cyberstalking, students will be better equipped to protect themselves and their data online. During the WebQuest, students will analyze specific cybercrime cases, learn about their consequences, and practice effective responses to such threats. This knowledge is crucial both for daily life and in future professional careers.

Overview of the key cybercrime threats:

Phishing and email fraud

Phishing is one of the most common forms of cyberattacks, where criminals impersonate trusted institutions or people to steal sensitive information like login credentials, passwords, or credit card numbers. Criminals use various techniques to make their actions look legitimate, such as sending emails that resemble official notifications from banks, companies, or social platforms. Often, these emails contain links to fake websites where users unknowingly provide their data.

Phishing leads to severe consequences, ranging from losing access to online accounts to identity theft and financial fraud.

Ransomware and malware

Ransomware is malicious software that locks a user’s data, demanding ransom for its release. This type of attack occurs on personal computers and corporate systems alike. After infecting the system, criminals encrypt files and demand payment to unlock them. Companies that lose access to client data or financial information often face significant financial losses and operational disruptions.

Malware is a general term for malicious software, including viruses, trojans, spyware, and other programs that can damage data, steal information, or control a user’s system without their knowledge.

DDoS (Distributed Denial of Service) Attacks

DDoS attacks are one of the most destructive ways to disrupt the functioning of online systems. These attacks involve overwhelming a server or network with a massive number of requests, making services unavailable to legitimate users. When this happens, the server cannot handle the traffic and the website or service becomes inaccessible.

For businesses, DDoS attacks can lead to significant financial losses, loss of customers, and a decrease in brand trust.

Cyberstalking and Social Media Fraud

Cyberstalking is digital harassment, where criminals target and control victims through electronic means, such as social media, messaging apps, or email. Cyberstalking can invade privacy and even cause significant emotional and psychological problems.

Fraud on social media involves creating fake profiles, impersonating others, stealing information, or asking for money. Criminals often use social engineering techniques, manipulating victims into providing sensitive data or money.

Why It’s Important to Explore the Topic of Cybercrime?

Cybercrime is constantly evolving, and threats to data security and user privacy increase every year. Understanding how cybercriminals operate, identifying potential threats, and knowing the steps to protect data are skills that are essential today. Everyone who uses the internet can become a target of cybercrime, making education about the threats and defense methods important for all users, especially for future IT and security professionals.

Protecting Against Cybercrime – How to Defend Against the Most Common Types of Attacks?

Awareness of cyber threats is the first step toward effective protection, but it is equally important to implement specific actions and strategies to secure against various types of cyberattacks. Here are the most important protection measures against phishing, ransomware, DDoS attacks, cyberstalking, and other online threats:

Protection Against Phishing and Email Fraud

Check Email Addresses and Links: Before clicking on a link in an email, check if it comes from a trusted source. Be cautious of small mistakes in addresses that can indicate fraudulent websites (e.g., "g00gle.com" instead of "google.com").

Never Provide Sensitive Information: Banks and trusted institutions will never ask for login information via email. Avoid sharing confidential information through emails.

Use Anti-Phishing Filters: Most modern antivirus programs and web browsers offer anti-phishing features. Make sure to use them to detect suspicious emails automatically.

Stay Educated and Be Cautious: Phishing is one of the most common types of fraud, so it’s important to regularly educate yourself about new techniques used by criminals.

Protection Against Ransomware and Malware

Regular Data Backups: Since ransomware encrypts data and demands ransom, creating regular backups helps recover files without paying the ransom. Backups should be stored offline or in a well-secured cloud.

Use Updated Antivirus Software: Antivirus programs are the first line of defense against malicious software. Regularly update your antivirus software to protect your computer from new malware threats.

Avoid Opening Attachments or Downloading Files from Unknown Sources: Attachments and files from unknown sources may contain malware. Opening such files can infect your system, so avoid suspicious attachments.

Keep Software Updated: Cybercriminals often exploit vulnerabilities in outdated software. Regularly updating operating systems and applications closes these gaps, making it harder for ransomware to infect systems.

Defense Against DDoS Attacks

Use Security Systems and Traffic Monitoring: Companies can use security systems, such as Web Application Firewalls (WAF), and network traffic management systems to detect and block suspicious activity related to DDoS attacks.

Work with DDoS Protection Service Providers: For businesses operating online, it's recommended to collaborate with DDoS protection service providers, who offer tools to filter traffic and detect abnormal traffic patterns.

Distribute Traffic During Large Attacks: Some companies distribute traffic to multiple servers to avoid overloading a single server, reducing the impact of DDoS attacks.

Create DDoS Response Plans: Companies should have a plan in place to respond to DDoS attacks, so they can act quickly to minimize service interruptions and damage.

Protection Against Cyberstalking and Social Media Fraud

Limit Access to Your Profiles: Privacy settings allow you to control who can see your posts and contact you. Make sure to set privacy so that only friends can access your content.

Avoid Sharing Private Information: The less personal information you share on social media, the less criminals can exploit. Avoid posting your location, contact details, or photos of your children.

Block Suspicious Profiles and Report Cyberstalking: If you suspect someone is stalking or harassing you, you can block that person and report the issue to the platform administrator. For serious threats, consider contacting the authorities.

Watch Out for Fake Accounts: Cybercriminals often create fake profiles to deceive and steal information. Always verify whether a profile is legitimate and check if the user has suspicious connections.

General Online Safety Tips

Strong and Unique Passwords: Use long, unique passwords for different accounts and change them regularly. A password manager can help you remember and protect your passwords.

Enable Two-Factor Authentication (2FA): Activate two-factor authentication whenever possible. This adds an extra layer of security by requiring login confirmation through SMS or an app.

Be Careful with Public Wi-Fi Networks: Using public Wi-Fi networks, especially for logging into important accounts, increases the risk of data interception. Using a VPN is recommended to encrypt your connection.

Keep Software Updated: Ensure that both your operating system and installed apps are regularly updated. Updates often contain security patches that help protect your system from attacks.

Awareness of Threats and Education: One of the most important aspects of protection is awareness and education. Users who are aware of the latest methods used by cybercriminals are less likely to fall victim to attacks.

Information for the teacher

The WebQuest is designed for vocational school students who are studying fields related to IT and electronics. The aim of the project is to familiarize students with the topic of cybercrime, online threats, and the consequences of cyberattacks. This WebQuest will allow students to explore different types of cybercrime, their mechanisms, and ways to protect against them.

Students will work in groups, with each group preparing a presentation on a selected type of cybercrime, discussing potential threats, and presenting real-world cases related to the topic. Each group will also develop a short simulation of an attack scenario and propose protection measures against this threat.

By completing this WebQuest, students will:

• Learn about the types of cybercrime such as phishing, malware, ransomware, DDoS attacks, cyberstalking, and online fraud.

• Understand the mechanisms of cyberattacks and how to recognize them.

• Grasp the consequences of cybercrime for victims and businesses, including threats to data security and the risk of financial losses.

• Learn basic methods of protection against cyber threats, such as securing passwords, regular software updates, and using antivirus programs.

Students will work both independently, gathering information, and in groups, preparing skits and presentations. This will allow them to develop both individual and teamwork skills.

Suggested time for completing the WebQuest:

The project is scheduled for 12 hours of classes.

Assessment criteria, to be evaluated:

• Depth of topic coverage (maximum grade: 5, exceeding this knowledge: grade 6).

• Aesthetics of the presentation and the manner in which information is presented.

• Engagement and teamwork skills demonstrated by the students.

Evaluation:

• The teacher will help students analyze the content together until they fully understand it. The teacher will provide assistance, advice, and explanations, not ready-made solutions. This method will be a good way to encourage independent work and creative thinking.

• The teacher should carefully analyze the content with students until they fully understand it. The teacher should be more of a guide, offering advice and explanations, rather than giving ready-made solutions. This approach fosters self-reliance and creative thinking.

• The division into groups can be based on various criteria, such as cognitive abilities, skills, and interests, to ensure a balanced distribution of strengths among the groups.

• The teacher can assist students working in groups by asking guiding questions. It's important to note that they are learning a new way of working (a process).

• The teacher should provide specific feedback on the evaluation of their achievements during group work and in the final summary of results.

• The time allocated for the project should be adjusted to the capabilities of the students. It is not fixed. The time frames for each stage should be treated as guidelines.

TASK

Divide into 4 groups. Each group will work on one type of cybercrime. During the task, each group member will take on a specific role (e.g., cybersecurity expert, victim, hacker, cybersecurity analyst) and perform a skit illustrating the course of a cyberattack and its consequences. Present the threats, the mechanism of action, real-world examples of incidents, and ways to protect against this type of cybercrime.

Types of cybercrime for the groups:

• Group 1: Phishing and email fraud

• Group 2: Ransomware and malware attacks

• Group 3: DDoS (Distributed Denial of Service) attacks

• Group 4: Cyberstalking and social media fraud

Why will you work in groups?

Each group will work on a different topic, allowing you to explore the various types of cybercrime and see how different protection methods apply. Group work will also provide mutual support, role distribution, and better preparation for presenting the discussed threats.

Stage 1: Introduction to the task

• The teacher will introduce the topic of cybercrime and discuss general threats related to online security.

• Each group will learn about its assigned type of cybercrime and prepare initial ideas for the presentation and skit.

Stage 2: Work on the presentation and skit

• Each group will gather information on the assigned threat using materials provided by the teacher and additional reliable sources.

• Groups will prepare a multimedia presentation describing the characteristics of the threat, real-world examples of incidents, and protection measures.

• Students will assume the assigned roles and develop a skit simulating the course of the attack, its consequences, and the reaction of the victim and security experts.

Stage 3: Presentation and discussion

• Each group will present their prepared presentation and perform the skit. During the skits, the other students will observe the events and take notes.

• After the presentations, the teacher will moderate a discussion, encouraging students to ask questions and share their reflections.

Stage 4: Evaluation

• The teacher will evaluate the presentations and student engagement based on the established criteria.

• Students will summarize the knowledge gained, discuss the conclusions, and write down the key elements of protection against cybercrime.

Stages and time

2h

Stages 1

4h

Stages 2

4h

Stages 3

2h

Stages 4

Points	2	3	4
Content Quality	Work is weak in terms of content. Missing elements.	Work is good in terms of content. Minor or no errors.	Work is excellent in terms of content. Correct, engaging information.
Presentation of Work	• Presentation is unclear, superficial, and not engaging. • Lack of participation in discussion.	• Presentation is clear, good, and interesting. • The student participates in discussions but with limited input.	• Presentation is attractive, thorough, and engaging. • The student actively participates in discussions and contributes significantly.
Aesthetic Impressions	• Work is unclear, untidy, and poorly executed. • Poor arrangement of elements on the page.	• Work is clear, neat, and carefully done. • Good arrangement of elements on the page.	• Work is aesthetically pleasing, clear, and highly polished. It stands out visually. • Excellent arrangement of elements on the page.
Group Work	Lack of involvement of all group members in work and creative collaboration.	Good involvement of all group members. Satisfactory collaboration skills.	Full engagement of all group members. Excellent cooperation and motivation within the group.

Conclusions

After completing the WebQuest:

• Students understood what cybercrime is and which actions can be classified as threats in cyberspace. They learned about the specifics of various types of attacks, such as phishing, ransomware, DDoS attacks, and cyberstalking, which gave them a broader perspective on the variety of methods used by cybercriminals.

• Students understood the potential consequences of cyberattacks, both for individual users and for companies. They learned about real-life cybercrime incidents and their impact, which allowed them to grasp the importance of data protection and the need for preventative actions.

• By recognizing characteristic features of cyberattacks, such as phishing emails or infected attachments, students learned how to identify potential online threats. They also analyzed how to react to situations like encountering a suspicious email or data phishing attempt.

• In the WebQuest, students practiced applying basic safety principles, such as using strong passwords, enabling two-step verification, using antivirus software, and avoiding suspicious links and attachments. They also learned strategies to protect against more advanced attacks, such as ransomware and DDoS, which often require specialized tools.

• During the project, students worked in groups, which helped them develop teamwork and communication skills. They could collaboratively analyze the topic, share tasks, and prepare to present the discussed threats through role-playing and presentations.

• Students became aware of the importance of online privacy protection, especially on social media. Working on topics like cyberstalking and online fraud helped them understand the importance of managing what they share online and how to control their privacy settings.

• Cybercrime requires quick thinking and the ability to recognize alarming signals. The WebQuest helped students develop these skills by analyzing cases and interpreting gathered information. A critical approach to emails, websites, and apps became an essential element of their daily internet use.

• The WebQuest also broadened students’ knowledge of careers in IT security. This project provided them with the basics that they can further develop if they choose a specialization related to data protection and cybersecurity.