Know Your Enemies
Cybersecurity isn’t just about fancy software and strong passwords — it’s about knowing what’s coming at you. Like any good defence, you’ve got to know the threats to fight them off.
In this workshop, we break down the three most common (and nasty) types of cyber threats: Malware, Ransomware, and Phishing. These are the bread-and-butter tools of cybercriminals — and you’ve almost definitely come across at least one of them.
Malware – The Umbrella Term
Malware stands for malicious software. It’s the catch-all word for any program or code designed to do bad things to your system, without your permission.
Think of it like this: if your device were a house, malware is the intruder sneaking in to rob you, spy on you, or wreck the place. It can:
• Steal personal data (like bank details or login info)
• Log your keystrokes (keyloggers)
• Take control of your system
• Slow everything down to a crawl
• Hide in legit-looking downloads or apps
Common types of malware include:
• Viruses – Attach to files and spread when opened
• Worms – Self-replicate and spread across networks
• Trojans – Pretend to be useful, but open the door to attackers
• Spyware – Silently collects your data
• Adware – Bombards you with dodgy ads
• Rootkits – Hide deep inside your system, hard to detect
How you get infected: Usually by downloading dodgy files, clicking on suspicious links, or visiting infected websites. Sometimes, it’s even from plugging in a compromised USB stick.
Ransomware – Hold Your Files Hostage
Ransomware is malware with a nasty twist: it doesn’t just mess with you, it demands money.
This kind of attack locks your files, scrambles them with encryption, and then flashes a message demanding payment (usually in Bitcoin) to get them back. It’s cyber blackmail.
Real-world examples:
• WannaCry (2017): Brought parts of the NHS to a halt
• LockBit & Conti (ongoing): Used by criminal gangs to hit councils, schools, and small businesses
• REvil (2021): Demanded millions from global companies, then vanished
What’s the risk?
• You lose access to your files and systems
• Paying doesn’t guarantee recovery
• Even if you pay, your data might be sold or leaked anyway
• Recovery costs can be massive even if you don’t pay
How it gets in: Usually through phishing emails, weak passwords, or malware that was already sitting quietly on your system waiting to strike.
Phishing – The Digital Con Job
Phishing is not just a scam email from a prince in Nigeria (though that one’s a classic). Modern phishing is much more convincing — and it’s often how malware and ransomware sneak in.
Phishing is when someone tricks you into handing over sensitive info, like passwords or credit card numbers, by pretending to be someone you trust.
Types of phishing:
• Email phishing: Fake emails from “your bank,” “HMRC,” or even your boss
• Spear phishing: A highly targeted email that uses real personal details
• Smishing: Phishing via SMS (“You missed a delivery — click here”)
• Vishing: Voice phishing — someone calling and pretending to be support or security
• Clone phishing: A real email gets copied and slightly changed to fool you
How to spot phishing:
• Dodgy email addresses
• Urgent language like “Act now” or “Verify immediately”
• Grammar mistakes
• Suspicious links or attachments
• Unexpected requests for login or payment details
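Several of these signs can be checked mechanically. The sketch below is an added example, not part of the original workshop: it checks a single-part HTML email for the sender, urgent-language, link and credential-request signs from the list above. The brand name, domains, phrase lists and sample message are constructed assumptions, and grammar mistakes are not checked.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

PHRASES = {"urgent language": ("act now", "verify immediately", "urgent"),
           "asks for login or payment details": ("password", "card number", "payment details")}
BRANDS = {"example bank": "examplebank.example"}  # constructed brand -> its genuine sending domain

class LinkCollector(HTMLParser):
    """Collect [href, visible text] for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._open = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self._open = True
    def handle_endtag(self, tag):
        self._open = self._open and tag != "a"
    def handle_data(self, data):
        if self._open:
            self.links[-1][1] += data

def same_site(host, expected):  # host equals expected or is a subdomain of it
    host = (host or "").lower()
    return host == expected or host.endswith("." + expected)

def phishing_indicators(raw):
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    body = msg.get_payload()
    text = (msg.get("Subject", "") + " " + body).lower()
    # Display name claims a known brand, but the address is on another domain.
    found = ["dodgy sender address" for brand, real in BRANDS.items()
             if brand in name.lower() and not same_site(addr.rpartition("@")[2], real)]
    found += [label for label, words in PHRASES.items() if any(w in text for w in words)]
    collector = LinkCollector()
    collector.feed(body)
    for href, shown in collector.links:
        # Link text that looks like a domain must match where the link really goes.
        m = re.match(r"(?:https?://)?(?:www\.)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)", shown.strip().lower())
        if m and not same_site(urlparse(href).hostname, m.group(1)):
            found.append("link text hides a different destination")
    return found

SAMPLE = ('From: "Example Bank Security" <alerts@examplebank-secure.example>\n'
          "Subject: Urgent account issue\n\n"
          '<p>Act now: confirm your password at <a href="http://login.attacker.example/verify">'
          "www.examplebank.example/login</a></p>\n")  # constructed message
print(phishing_indicators(SAMPLE))
```

A clean result does not prove a message is safe; checks like these only catch the obvious signs.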
What they want:
• Your login details
• Access to your accounts
• Your money
• A foothold into your network or workplace
A Quick Comparison
Threat Type | What It Does | Goal | How You Get It |
---|---|---|---|
Malware | Infects and damages your system | Varies: theft, control, spying | Downloads, dodgy sites, USBs |
Ransomware | Locks files and demands money | Extortion | Phishing, malware, weak passwords |
Phishing | Tricks you into giving info away | Access and theft | Emails, texts, calls, fake sites |
Final Thought
You can’t fight what you don’t understand — and now you’ve got the upper hand.
These threats are constantly evolving, getting sneakier, and targeting everyone from CEOs to teenagers on TikTok. But the basics stay the same: be sceptical, be alert, and don’t click stuff blindly.
The next time an email says “Urgent account issue,” you’ll know what to look for. Because now you’ve got the knowledge to dodge the hook — and the malware hiding behind it.