Gamified Intelligent Cyber Aptitude and Skills Training (GICAST)

1.3 Cyber security attacks and phishing

This section is part of the amber and green pathways.

Video transcript


So there was a time that I actually got phished. I was successfully attacked over the internet. And it really illuminated the fact that security depends on you never making any mistakes, and attacking depends on finding one person who can make a mistake.
So the way that happened was the night before, I'd reinstalled the operating system on my phone, and so every time I logged into a service that normally I'd have a password stored on my phone for, it was prompting me to reenter my password, because I had a new operating system. And also, I had a new browser, and the browser hid part of the URL of the website I was looking at. So that made things bad, too.
I went to the coffee shop after dropping off our daughter at school with my wife, and she sat down to read the free sheet and I stood in the queue, and I fired up Twitter and there was a direct message from a friend of mine that said, was this you? And a URL. And the day before, I had also published a bunch of newspaper editorials, so I was getting a lot of emails and direct messages, saying oh, I saw that, or how was this, or whatever. And so it seemed kind of plausible. And I clicked on it, and it prompted me for my password. And it brought me to a Twitter login screen and prompted me for a password, which was normal. Everything was prompting me for it. It looked like I was visiting Twitter dot com, because of the way the browser was displaying, and I entered it in.
And then I got three more DMs from other people saying, is this you? And I was like, oooh, they've all been infected by something that presumably I've just been infected by, too. And if nothing else, I just entered my password into this.
The consequences, thankfully, were pretty light, because it happened immediately, and I had good password hygiene that I didn't recycle passwords across services. So I immediately sat down in the cafe, cancelled all my morning meetings, and changed that password and went through and made sure everything looked OK and then ended up blowing out the operating system on that phone and reinstalling it. Luckily, the consequences were pretty slight and nothing bad happened to me apart from losing that morning and feeling like an idiot.
End transcript
This bar chart shows the percentages of businesses and charities that have identified a breach or attack in the last 12 months. A footnote explains that the data is based on 748 businesses and 134 charities. The types of attack and percentages are as follows: Fraudulent emails or being directed to fraudulent websites – businesses 86%, charities 85%; Others impersonating organisation in emails or online – businesses 26%, charities 39%; Viruses, spyware or malware – businesses 16%, charities 22%; Hacking or attempted hacking of online bank accounts – businesses 9%, charities 10%; Ransomware – businesses 8%, charities 10%; Unauthorised use of computers, networks or servers by outsiders – businesses 6%, charities 8%; Unauthorised use of computers, networks or servers by staff – businesses 3%, charities 6%; Any other breaches or attacks – businesses 5%, charities 6%.
Figure 7 Types of attack/breach identified by organisations

The nature of cyber attacks has changed since 2017 (see Figure 5). Over this period, there has been a rise in businesses experiencing phishing attacks (from 72% to 86%), a fall in viruses or other malware (from 33% to 16%), and a fall in ransomware (from 17% to 8%) (DCMS, 2020). Let’s now look a little into what phishing is.


It may be surprising that many cyber security breaches do not result from technical failures. In fact, it is commonplace for attackers to exploit the goodwill and trust of people to gain access to systems, using a form of attack that is known as ‘social engineering’. Pretending to be technical support personnel or crafting emails that ask for usernames and passwords are common forms of social engineering attacks. You may have heard the term ‘phishing’ used to describe these kinds of emails. Phishing is a form of social engineering. In the video, course guide Cory explains how it happened to him.

In the next section you’ll find out about three high-profile cyber security breaches.

