Lesson 3.3 Be Vigilant: Recognising the Consequences of Cyber Attacks

Definition: Fake emails, texts, or calls tricking users into clicking links or giving up sensitive information.

Consequence: May lead to credential theft, payroll fraud, or more severe breaches like ransomware.

Real-World Case: A Florida school lost $100,000 in staff payroll after credentials were harvested through a fake HR email.

Definition: Malicious software encrypts systems or files, demanding payment for release.

Consequence: Loss of access to school data, instruction delays, and large ransom payouts.

Real-World Case: An Illinois district paid over $400,000 in ransom just to access student records again.

Definition:
Manipulating people into revealing confidential information through deception and trust exploitation.

Consequence:
Attackers may gain physical access to facilities, reset passwords, or impersonate staff — leading to major security breaches.

Real-World case: A caller pretended to be IT support and tricked an office staff member into resetting admin credentials. This led to unauthorized access to sensitive student records.

Definition: Malicious code downloaded via fake apps or websites, sometimes hiding in software.

Consequence: Can corrupt files, leak student/teacher data, and open the door for further attacks.

Real-World Case: A fake “grading tool” used by a teacher installed spyware and leaked confidential IEP documents.

Definition: Floods the district’s servers with massive traffic, making systems unusable.

Consequence: Interrupts online learning, digital testing, and district-wide communication.

Real-World Case: During standardized testing, a coordinated DDoS attack crashed a district's online platform, forcing retests for hundreds of students.