Lesson 6: Security Risks Part 1


Students investigate three different common security risks (phishing, keylogging, malware) in a jigsaw activity. In groups, students create Public Service Announcement slides warning of the dangers of their assigned security risk. Then students are grouped with students who investigated other security risks and are instructed to share their slide and give a voice over. The activity ends with the class coming together to discuss the security risks as a whole.


In this lesson students are exposed to common security risks. The purpose of this lesson is to dive into the facts and learn how people are targeted. In a future lesson students will explore how they can protect themselves from these security risks.


Lesson Modifications

Warm Up (5 mins)

Activity (35 mins)

Wrap Up (5 mins)

View on Code Studio


Students will be able to:

  • Identify commons security risks: phishing, keylogging, malware, rouge access points
  • Explain how these common security risks target people
  • Discuss the warning signals for these common security risks


  • Read through the levels on Code Studio to familiarize yourself with the topics.
  • Think through the logistics of running the jigsaw activity.


Heads Up! Please make a copy of any documents you plan to share with students.

For the Teachers

Teaching Guide

Lesson Modifications

Attention, teachers! If you are teaching virtually or in a socially-distanced classroom, please read the full lesson plan below, then click here to access the modifications.

Warm Up (5 mins)

Discussion Goal

Goal In this discussion, we are previewing malicious links and common phishing attempts. If students do not have any of their own examples to offer up, try to be prepared with one of your own where you received an email that was clearly not wise to open.

Things that might make you suspicious:

  • Mispellings of the person's name, email, or company
  • Something that seems to good to be true ("Free Vacations for a year!")
  • Asking for personal information
  • A flashy link they want you to click on

Prompt: Have you ever received an email or a text message that looked suspicious? Have you ever been unsure if you should open the message or click on a link? What are the things that made you suspicious?

Activity (35 mins)

Security Risks Jigsaw


There are many different ways that data can be stolen. Let's examine a few.

Group: Divide students into groups of two. Evenly divide the three topics among the groups:

  1. Keylogging
  2. Phishing
  3. Malware

Do This (20 mins): Students navigate to their assigned levels on Code Studio and examine their topic. After they have a good understanding of the content, students make a PSA (Public Service Announcement) slide covering the following things:

  • What is the security risk?
  • How are people targeted?
  • What are the warnings?

Group (10 mins): After students finish their slides, rearrange the class so there is a representative covering each topic in each group. Students share their slides with each other and give a voice over of the security risks.

Teaching Tip

It's ok if the student who presents information has some innacuracies in their reporting. Use this opportunity to correct misunderstandings and get everyone on the same page.

One thing that can come out of the discussion is the realization that Keylogging is a form of Malware. Malware is as broad category of malicious software that can collect information or exploit a system in many different ways.

Discuss (5 mins): Bring the class back together and ask for a volunteer from each of the topics to share their slide with the class and give a one minute overview.


Another security risk that you may have heard about is a Rogue Access Point. How this works can get pretty complicated, but it's enough to know that a rogue access point is a wireless access point that gives unauthorized access to secure networks. This can be a physical device that is attached to a router - sometimes hidden from site! It can be detected in various ways, including looking for strange wireless signals.

Wrap Up (5 mins)


There are many different ways that you may be targeted to reveal sensitive information. We generally think of emails as being a safe way to communicated, but unsolicted emails, attachments, links and forms can all be used to compromise the safety and security of a computing system. These could come from people you don't know, or from your friends and family who's security has been compromised.

It can be alarming to realize that there are many ways you are being targeted to reveal sensitive information. However, knowledge of the facts can help us be wiser consumers of technology. Later on in this unit we will explore further how to protect ourselves from these security risks.

Journal: Record in your journal the following vocaublary words: Phishing, Keylogging, Malware, Rogue Access Point.

Assessment: Check For Understanding

Check For Understanding Question(s) and solutions can be found in each lesson on Code Studio. These questions can be used for an exit ticket.

Question: How would you explain these three security risks (phishing, keylogging, malware) to a family member? What would you say to help them understand the dangers?

Standards Alignment

View full course alignment

CSTA K-12 Computer Science Standards (2017)

NI - Networks & the Internet
  • 3A-NI-05 - Give examples to illustrate how sensitive data can be affected by malware and other attacks.


IOC-2 - The use of computing innovations may involve risks to your personal safety and identity
IOC-2.B - Explain how computing resources can be protected and can be misused.
  • IOC-2.B.9 - Malware is software intended to damage a computing system or to take partial control over its operation.
IOC-2.C - Explain how unauthorized access to computing resources is gained.
  • IOC-2.C.1 - Phishing is a technique that attempts to trick a user into providing personal information. That personal information can then be used to access sensitive online resources, such as bank accounts and emails.
  • IOC-2.C.2 - Keylogging is the use of a program to record every keystroke made by a computer user in order to gain fraudulent access to passwords and other confidential information.
  • IOC-2.C.3 - Data sent over public networks can be intercepted, analyzed, and modified. One way that this can happen is through a rogue access point.
  • IOC-2.C.4 - A rogue access point is a wireless access point that gives unauthorized access to secure networks.
  • IOC-2.C.7 - Untrustworthy (often free) downloads from freeware or shareware sites can contain malware.