Teach Cyber 2020 logo
December 13, 2021

The Teach Cyber Byte

In this month's Byte, we define how to detect a "phishing" attack, and how it could be used against you and your organizations. Additionally, the virtual lounge information, the ARC project, the Teach Cyber YouTube Channel and much more are detailed in this Byte. If you enjoyed this Byte and know someone else that would, please feel free to forward and share our newsletter! (Please note: if you forward this to someone else and they click "unsubscribe," you may be unsubscribed from the mailing list.)

Teach Cyber Byte at a Glance

In this Byte you will find:
  • An invitation to the virtual lounge coming up this week!
  • Curriculum Updates specifically to Unit 5
  • Explanation of ARC Project and Information Session
  • Q and A: Ask Our Expert
  • Introducing the Teach Cyber Book Club
  • Free Professional Development Opportunities
  • Subscribe to the Teach Cyber YouTube Channel
  • Learn about Teach Cyber Club Kits
  • How can you be safe from "phishing"?
  • A Holiday Wish for YOU

Join us for an Expert's Analysis of Various Cybersecurity Education Tools on December 16, 7-8 pm ET

Ben Crenshaw
Ben wears many hats in cybersecurity and cybersecurity education. He is a Peoplesoft Tools and Vulnerability Analyst at Oracle. He is also a CTE Cybersecurity High School Teacher for Canyons School District. And he is the Head of Cyber Education for WorkED and he is a member of the TeachCyber team leading teacher professional development sessions and contributing to other TeachCyber projects and initiatives.
Join us Thursday, December 16 at 7pm EST to hear Ben Crenshaw’s assessment of virtual environments, CTFs, and virtualizations.
Ben will share his thoughtful analysis of various cybersecurity education tools. Come share your experiences and perhaps learn about a new resource or tool to integrate into your classroom.
We are looking forward to seeing you there!

Curriculum Updates

Unit 5 has been updated and released. The updated files are titled v1.2 to make them easy to recognize. The change log can be found HERE.
Big Ideas in Unit 5

Unit 5 infuses four of the 8 Big Ideas
  • Ubiquitous Connectivity
  • Data Security
  • System Security
  • Adversarial Thinking
To learn more about the 8 Big Ideas check out the High School Cybersecurity Curriculum Guidelines.
Unit 5 further develops understanding of data security controls and includes authentication, identification, authorization, and access controls. These tools are examined from the perspective of their function in terms of preventing disclosure, deception, disruption, destruction, or usurpation. From here this unit introduces important terms and concepts in cryptography, and then covers how symmetric and asymmetric cryptosystems work. The unit returns to policy controls and students will analyze laws to discern what type of data are being protected, for whom, and under what circumstances. The unit also covers physical policies as part of a comprehensive defense-in-depth protection strategy.

From there, the unit moves on to discuss network security controls with topics like protocols that build in security, firewalls, intrusion detection, and intrusion prevention systems. The unit discusses important topics such as input validation, state analysis of software, dynamic analysis of software, the role of patching in software security, and the challenge of zero-day vulnerabilities. Regarding hardware security controls, the unit presents how physical controls are used to secure hardware. By the end of this unit, students will also begin to think about the “bigger picture” of systems to develop a strong understanding of how (and which) controls are used in securing a system from attack.
Additional Updates

Units 1, 2, 3, and 4 have been updated and released. You can find them at TeachCyber.org The following is the schedule for future courseware updates:
  • Unit 6 - December
  • Unit 7 - January
  • Unit 8 - February

The ARC Project

Teaching Cybersecurity?

Looking for more assessment resources?

You are invited to join this information session about the ARC Project.
ARC aims to address the need for rigorous research on assessment by partnering with cybersecurity researchers, educators and assessment experts. Cybersecurity educators need high-quality assessment resources that can help them to make valid claims about student knowledge and guide student learning. Cybersecurity educational researchers need high-quality assessment resources to conduct studies that advance improvements in teaching and student learning in cybersecurity.
When: January 26, 6:30 pm ET

What: ARC (Assessment Resources for Cybersecurity) is a DARK Enterprises project funded by the National Science Foundation (Grant # 2117073).

Finally, state departments of education need high-quality assessment resources that support educational pathways as they build their cybersecurity high school to college/career pathways. The project team will leverage Evidence-Centered Design to create and pilot-test a bank of cybersecurity assessment items and share the findings broadly. The assessment resources will be based on the High School Cybersecurity Curriculum Guidelines, that are now being used as a resource for high school educators across the country in implementing cybersecurity courses and programs. Assessments based on the guidelines will further support the advancement of cybersecurity pathways into dual/concurrent enrollment and placement credit opportunities.

Ask Our Expert How to Practice Better Cybersecurity

Recently, a teacher mentioned that apps are giving us free services so they need our information to realize what we are more interested in. Then she asked: Do I (and my students) need to worry about sharing personal information such as location with apps or not?

Nancy Stevens with Teach Cyber says: Free apps are a transaction. We exchange our data for the app. Unfortunately, there is a lack of transparency in terms of what is collected and how it is used. Furthermore, there are issues of tracking across devices and selling of data to third parties. The New York Times has an interesting article based on their research of iPhone Apps, here is the link:


The Wirecutter has great reviews on many products.
None of us probably know the value in dollars of our data and that's where I personally am not comfortable with how my data is collected and used. Are we trading convenience for surveillance? And how much data is being collected with the goal of changing behaviors? The Cambridge Analytica/Facebook scandal made it clear that we are the "product"--that was unsettling.

Teach Cyber Book Club

Cybersecurity intersects many facets of life so it isn’t surprising to find books written about the history, development, and potential future of cybersecurity. Join us quarterly to discuss a selected cybersecurity book. You don’t have time to read the book or could only manage a few chapters? That’s ok! The discussion will be rich either way. We will begin with a synapsis, share our thoughts, and then identify connections to the classroom. Pour your favorite beverage, log on to the Zoom and join us!

Professional Development for Educators

We are excited to announce our partnership with Cisco NetACad. Check out the free, self-paced course offerings at TeachCyber.org.
  • Cybersecurity Basics
  • Cybersecurity Essentials
  • Packet Tracer
  • Networking Essentials
TeachCyber& Cisco
If you are interested in the need for cybersecurity, privacy, and common attacks and protections start with the Cybersecurity Basics course. If you want to develop a broad foundational understanding, we recommend the Cybersecurity Essentials course. When you are ready to develop your understanding of networks, dive into the Networking Essentials course. The Packet Tracer course will introduce this network design, simulation, and modeling tool.

Subscribe to the Teach Cyber YouTube Channel

At the Teach Cyber YouTube Channel you will find playlists for exploring
  • Cybersecurity Big Ideas,
  • Teacher Virtual Lounge session on Cybersecurity Careers and the
  • Lab Help Sessions and Demos
    • The Lab Help Sessions provide teaching tips from our Master Teachers as well as cyber range demonstrations.
Check out the Teach Cyber YouTube Channel and be sure to subscribe so you don't miss future videos!

Teach Cyber Club Kits

As you may already know, here at Teach Cyber our mission is to provide resources, training, and support to secondary school educators teaching cybersecurity. By supporting teachers, we hope to
  1. contribute to growing the cybersecurity workforce; and
  2. help all students understand ways to act more safely and more ethically in cyberspace.
With these goals in mind, we are developing Teach Cyber Club Kits, these kits can be used at the 6-9th grade levels and are meant to be used in an afterschool club setting to heighten interest in your cybersecurity course, program and pathway and to help students reflect on their actions so they make healthy, safe, and ethical decisions in cyberspace.

Please check out the samples here.

We are interested in hearing your perspective on these club kit samples. Please respond to sabrina.smiley@teachcyber.org with your comments, questions, and feedback.


In last month's Byte, we talked about ransomware and how most attacks involving it begin with phishing. This is because phishing is one of the most effective forms of cyberattack, so this Byte will examine phishing on its own and give it the spotlight it deserves. Phishing (pronounced: fishing) is a cyberattack that attempts to trick targets into falling for a scam by sending specially designed malicious emails [4]. By getting you to reveal personal information such as credit card numbers or account passwords, attackers can use what you provide to steal your money, accounts, or even your whole identity [1].
Kill Chain
Phishing attempts can be very convincing, and cybercriminals will often send emails that appear to come from legitimate services like banks, online retailers, and social media platforms. Phishing emails and text messages are also more prevalent during the holidays [2], so we wanted to provide information about protecting yourself from phishing during that influx.
As with the holiday campaigns, remote work during the pandemic has also increased the effectiveness of phishing emails. Users don't have enterprise-level cybersecurity at home, giving attackers a higher chance of success [2]. As a result, the volume of phishing sites and attempts has increased substantially. After the pandemic lockdowns, Google reported a 350% surge in phishing websites at the beginning of 2020 [3]. Because of this, it's more important than ever that we can recognize phishing emails. If you do fall for a phishing attempt, though, you're not alone. Even the best cybersecurity professionals sometimes fall for them, too. Phishing emails are growing more advanced, so the best thing we can do is learn from our mistakes.
While phishing emails are growing increasingly sophisticated, they can often be identified by a few typical characteristics:
Kill Chain (WoW)
1. An urgent call to action - A favorite tactic of cybercriminals is to encourage you to act fast with messages saying that a deal is only available for a limited time or that your account will soon be terminated. Most reliable organizations give ample time for these kinds of tasks, so the threat or sense of urgency is only to trick you into not thinking about the possibility of a scam [4].
2. Emails requesting login credentials - Emails requesting login credentials or personal information should always be treated with caution. Attackers can craft and direct you to fake login pages that look exactly like the real thing. If an email asks you to log in to perform some tasks, it's best to visit the site by searching for it in your search engine of choice or by typing in its URL directly [5].
3. Mismatched Email Domains - If an email claims to be from a reputable company but is sent from another email domain, it's probably a scam. Additionally, be watchful for very subtle misspellings of the legitimate domain name, e.g., where the second "o" has been replaced by a zero, or where the "m" in "microsoft" has been replaced by an "r" and an "n." These are common tricks of scammers [1].
4. Too Good to be True - Lucrative offers and attention-grabbing statements are designed to lull targets into a false sense of security. For instance, many phishing messages will claim that you have won an iPhone, a lottery, or some other lavish prize. If it seems too good to be true, it probably is [4]!
5. First-time or infrequent senders - While it's not unusual to receive an email from someone for the first time, especially if they are outside your organization, this can be a sign of phishing. When you get an email from someone that you don't recognize, take a moment to examine it extra carefully before you proceed [1].
6. Spelling and bad grammar - Legitimate organizations usually have an editorial staff to ensure customers receive professional-looking emails. If an email message has obvious spelling or grammatical errors, it might be a scam. These errors are sometimes the result of awkward translation from a foreign language, and sometimes they're deliberate attempts to evade filters that try to block phishing keywords [1].
7. Generic or unusual greetings - Emails exchanged between work colleagues or friends usually have an informal salutation. Those that start with "Dear sir or madam" or contain phrases not typically used in casual conversation are from sources unfamiliar with the style of office interaction used in your business. Such emails should be cause for caution [5].
8. Suspicious links or unexpected attachments - A link may be more than meets the eye. Hovering over a link shows you the actual URL where you will be directed upon clicking on it. If the hyperlink points to a completely different website or one with a misspelling of a legitimate website, be cautious! Additionally, don't open attachments that you aren't expecting or that don't make sense in context. PDFs, Word documents, and other files can contain payloads for ransomware or other viruses [4].
While 96% of phishing is done via email, it can occur in other forms, too [2]. Voice phishing, or "vishing," is another form of social engineering. These malicious phone calls are designed to obtain sensitive information such as login credentials, just like traditional phishing. Social media posts and ad runs can also be used to do the same. Additionally, phishing emails can be targeted to become more effective. When attackers go after specific individuals rather than a wide group of people, they can customize their communications and appear more authentic. This is known as spear phishing, and it is often the first step used to penetrate a company's defenses and carry out a targeted attack. According to the SANS Institute, 95 percent of all attacks on enterprise networks are the result of successful spear phishing [6]. When attackers go after a "big fish" in an organization like the CEO, this is known as whaling. Considerable time is spent profiling the targets of spear-phishing and whaling to find the opportune moment and means to steal their login credentials and sensitive company information [6].
Kill Chain
If you receive an email that you suspect is a phishing attempt, it's important not to click any links or attachments. You can take steps to check the email's legitimacy by comparing its hyperlinked URLs (by hovering, not clicking) and the sender's email domain with the website URL you find by googling the organization or service. You can also call the organization using a phone number that you find printed on a bill or statement or listed on their official website [1]. If the email seems to be coming from a friend or individual you know, call them to ensure the email is legitimate. Either way, the attacker may list their own phone number in the phishing email, so you need to search out the legitimate email to be safe. If you're still concerned about the email after taking these steps, report the message using your email client's report feature and notify your company's IT or security team if applicable. Finally, delete the email unless you're instructed to do otherwise by your organization.
If you'd like to test your own phishing detection skills, check out Google's phishing quiz here: https://www.phishing.org/what-is-phishing. These emails are designed to look convincing, so look carefully and see how many fraudulent emails you can catch! Additionally, if you'd like to learn more about phishing, why it works, and what to do when you encounter it, check out Cisco's phishing awareness quiz at: https://www.cisco.com/c/en/us/products/security/email-security/what-is-phishing.html#~phishing-awareness-quiz. Your organization may also have phishing training available to help you identify what to do if a phishing email makes its way into your work inbox.

If you're interested in learning more about how phishing fits into the bigger picture of cybersecurity, check out Teach Cyber's "Intro to the Challenge of Cybersecurity" course. Unit 2, Lesson 2 looks at the kinds of attacks that could be launched through a successful phishing attempt, and Unit 7, Lesson 3 examines the anatomy of a cyberattack and the role of phishing through the lens of the cyber kill chain model. Finally, Unit 5, Lesson 9 is all about the human factors in cybersecurity and how social engineering techniques such as phishing can be so effective.
[1] “Protect Yourself from Phishing.” Microsoft Support, https://support.microsoft.com/en-us/windows/protect-yourself-from-phishing-0c7ea947-ba98-3bd9-7184-430e1f860a44. Accessed 5 Dec. 2021.

[2] “What Is Phishing?” Proofpoint, https://www.proofpoint.com/us/threat-reference/phishing. Accessed 5 Dec. 2021.

[3] Damiani, Jesse. “Google Data Reveals 350% Surge In Phishing Websites During Coronavirus Pandemic.” Forbes, 26 Mar. 2020, https://www.forbes.com/sites/jessedamiani/2020/03/26/google-data-reveals-350-surge-in-phishing-websites-during-coronavirus-pandemic/.

[4] “What Is Phishing?” KnowBe4, Inc., https://www.phishing.org/what-is-phishing. Accessed 5 Dec. 2021.

[5] “How to Spot Phishing Emails | 7 Helpful Tips for Employees.” Cofense, https://cofense.com/knowledge-center/how-to-spot-phishing/. Accessed 5 Dec. 2021.

[6] “What Is Phishing? Examples and Phishing Quiz.” Cisco, https://www.cisco.com/c/en/us/products/security/email-security/what-is-phishing.html. Accessed 5 Dec. 2021.

facebook twitter linkedin youtube 
Teach Cyber 2020 logo