Fatskills
Practice. Master. Repeat.
Study Guide: Computer Science - ICT Grade 6 Cybersecurity Passwords Phishing Malware
Source: https://www.fatskills.com/6th-grade-science/chapter/computer-science-ict-grade-6-cybersecurity-passwords-phishing-malware

Computer Science - ICT Grade 6 Cybersecurity Passwords Phishing Malware

By Fatskills Exam Guides Team — the exam nerds behind 28,500+ quizzes and 2.1M practice questions across 500+ global exams.

⏱️ ~8 min read

Grade 6 Computer Science – ICT
Topic: Cybersecurity: Passwords, Phishing, Malware


1. The Driving Question

"If your phone or laptop is just a piece of metal and glass, how can someone you’ve never met trick it—or you—into giving up your private stuff? And why isn’t ‘password123’ enough to stop them?"

This isn’t about hackers in dark rooms typing fast—it’s about the invisible rules that keep your digital life safe, and how those rules get broken every day by scammers, viruses, and even your own mistakes.


2. The Core Idea – Built, Not Listed

Imagine your school locker. It’s got a combination lock, but the lock isn’t just about the numbers—it’s about how you use them. If you write the combo on a sticky note and tape it to the door, it doesn’t matter how strong the lock is. If you hand the combo to someone who says they’re from the office but is actually a stranger, the lock won’t help. And if someone sneaks a magnet inside your locker that messes with the lock’s gears, the whole thing stops working.

Cybersecurity works the same way. Your devices and accounts are like lockers, and the "combos" are passwords, security questions, and even your own habits. Phishing is when someone tricks you into handing over the combo. Malware is the magnet that messes with the lock from the inside. And a weak password? That’s like using "1-2-3" as your locker combo—easy to guess, even if you think it’s safe.

Key Vocabulary:
- Password entropy
Definition: A measure of how unpredictable (and therefore strong) a password is, based on length, variety of characters, and randomness.
Example: "PurpleGiraffe$2024!" has high entropy because it’s long, mixes uppercase/lowercase letters, numbers, and symbols, and isn’t a common phrase. "Summer2024" has low entropy—it’s a predictable pattern.
(Note: In high school, you’ll learn how entropy is calculated mathematically, like bits of information in computer science.)


  • Phishing
    Definition: A scam where attackers pretend to be a trusted person or organization (like a bank, teacher, or friend) to trick you into revealing passwords, credit card numbers, or other private info.
    Example: You get an email that says, "Your Roblox account is locked! Click here to verify your password or lose access forever." The link takes you to a fake Roblox login page that steals your info. Real companies never ask for passwords via email.

  • Malware
    Definition: Short for "malicious software"—any program designed to harm, spy on, or take control of your device without your permission.
    Example: You download a free "Minecraft mod" from a sketchy website, but the file is actually a Trojan (a type of malware disguised as something harmless). Once installed, it records every key you press (including passwords) and sends it to a hacker.
    (Note: In college cybersecurity courses, you’ll study how malware exploits specific vulnerabilities in operating systems, like buffer overflows.)

  • Two-factor authentication (2FA)
    Definition: A security method that requires two proofs of identity before granting access—usually something you know (a password) and something you have (a code sent to your phone).
    Example: When you log into your school Google account, it asks for your password and a 6-digit code texted to your phone. Even if someone steals your password, they can’t get in without your phone.


3. Assessment Translation

How This Appears on State/ICT Assessments (Grade 6):
- Multiple Choice: Questions test recognition of phishing red flags, malware types, or password strength.
Example: "Which of these is the STRONGEST password? A) Soccer123 B) Qw3rty! C) BlueSky$2024 D) Password" Distractor Pattern: Options A and B look strong because they have numbers/symbols, but they’re short or use common patterns (keyboard walks like "Qw3rty"). Option D is an obvious weak password.


  • Short Constructed Response: You’ll be given a scenario (e.g., an email or pop-up) and asked to identify the threat and explain why it’s dangerous.
    Example: "Your friend gets a text that says, ‘Your Fortnite account is about to be banned! Click here to verify: [link].’ What type of cyberattack is this, and what should your friend do?" Proficient Response:

    "This is a phishing scam. The attacker is pretending to be Fortnite to trick my friend into clicking a fake link. My friend should NOT click the link—real companies don’t ask for account info via text. They should delete the message and check their account on the official Fortnite website if they’re worried."


What Teachers Look For: - Proficient: Names the threat (phishing), explains the trick (fake urgency), and gives a safe action (don’t click, verify elsewhere).
- Developing: Identifies the threat but doesn’t explain why it’s dangerous or gives vague advice ("ignore it").
- Minimal: Says "it’s bad" without naming the threat or suggesting a fix.


  • Performance Task: You might be asked to create a strong password for a given scenario (e.g., a school account) and explain your choices.
    Example Proficient Response:

    "For my school account, I’d use ‘MathClass!2024Pizza’ because: - It’s long (18 characters). - It mixes uppercase, lowercase, numbers, and symbols. - It’s memorable to me (I love pizza and math) but not a common phrase. - I’d enable 2FA so even if someone guessed it, they’d need my phone code too."




4. Mistake Taxonomy

Mistake 1: The "It Won’t Happen to Me" Password
- Prompt: "Create a password for your new Roblox account. Explain why it’s strong." - Common Wrong Response:


"I’d use ‘Roblox123’ because it’s easy to remember and has numbers." - Why It Loses Credit: - Wrong operation: The student focuses on memorability over security.
- Incomplete explanation: Doesn’t address length, randomness, or avoiding personal info.
- Correct Approach: "I’d use ‘Roblox$Jumping2024!’ because: - It’s 17 characters long (longer = stronger). - It has uppercase, lowercase, numbers, and symbols. - It’s not a real word or my username (hackers guess those first). - I’d also turn on 2FA in case someone tries to hack it."


Mistake 2: The "Looks Official" Phishing Trap
- Prompt: "You get an email from ‘Netflix’ saying your account is on hold. It asks you to click a link and enter your password. What do you do?" - Common Wrong Response:


"I’d click the link to check if it’s real. If the website looks like Netflix, I’d log in." - Why It Loses Credit: - Misreads the threat: Doesn’t recognize that any unsolicited request for passwords is a red flag.
- Missing evidence: Doesn’t mention checking the sender’s email address or contacting Netflix directly.
- Correct Approach: "I wouldn’t click the link. Real companies never ask for passwords via email. I’d: 1. Hover over the sender’s email to see if it’s really from Netflix (e.g., ‘[email protected]’ vs. ‘[email protected]’). 2. Go to Netflix’s official website (not the link) and check my account there. 3. Report the email as phishing to Netflix."


Mistake 3: The "Free Game" Malware Download
- Prompt: "Your friend sends you a link to download a ‘free’ version of Among Us. What should you do?" - Common Wrong Response:


"I’d download it because my friend wouldn’t send me a virus." - Why It Loses Credit: - Ignores the threat: Assumes the friend’s account wasn’t hacked or the link wasn’t forwarded.
- No risk assessment: Doesn’t consider that free games from unofficial sites often contain malware.
- Correct Approach: "I wouldn’t download it. Even if my friend sent it, their account might be hacked. Instead, I’d: - Check if the game is on the official App Store or Google Play. - Ask my friend in person if they meant to send the link. - Use a site like VirusTotal to scan the link first (but even that’s not 100% safe)."




5. Connection Layer

  1. Within Computer Science:
    Password entropy → Cryptography — The math behind password strength (like entropy) is the same math used to encrypt messages in apps like WhatsApp. A weak password is like a weak encryption key—easy to crack.

  2. Across Subjects:
    Phishing → Psychology (Persuasion Techniques) — Phishing scams use the same tricks as con artists in history (e.g., "Nigerian prince" emails) and salespeople: urgency, authority, and fear. Understanding how scammers manipulate emotions helps you spot fake news too.

  3. Outside School:
    Two-factor authentication (2FA) → Airport Security — 2FA is like showing your ID and a boarding pass at the airport. One isn’t enough because IDs can be faked, and boarding passes can be stolen. Your password is the ID; the code on your phone is the boarding pass.


6. The Stretch Question

"If a hacker can guess 10,000 passwords per second, how long would it take them to crack ‘P@ssw0rd’ vs. ‘PurpleTurtle$2024’? And why does adding one extra character (like ‘!’) make such a huge difference?"

Pointer Toward the Answer:
Password cracking is like trying every combination on a bike lock. A 4-digit lock (0000–9999) has 10,000 possible combos—easy to crack. But a 6-digit lock has 1 million combos. Passwords work the same way: every extra character (or symbol/number) multiplies the possible combinations. "P@ssw0rd" is short and uses common substitutions (like @ for a), so it’s in the first few thousand guesses. "PurpleTurtle$2024" is longer, more random, and has symbols—so it’s like a 15-digit lock with trillions of combos. That’s why hackers give up and move on to easier targets.

(Want to test it? Try a password strength checker like How Secure Is My Password?—but don’t use a real password!)



ADVERTISEMENT