Requirement 4 of 9

Cyber Threats, Vulnerabilities, and Attacks

Define core cybersecurity risk terms, explore malware and phishing, review public Wi-Fi risks, and complete one current-events option.

Sign in or create an account to mark steps complete and save your progress.

Checklist

Requirement 4 discussion guide

Use these notes to discuss common cyber risks, how attacks happen, and how to respond responsibly.

Core terms

  • A vulnerability is a weakness that could be used against a system.
  • A threat is something capable of causing harm, such as an attacker, malware, or unsafe behavior.
  • An exploit is a method or tool used to take advantage of a vulnerability.

Threats and attacks

Examples

  • A website missing updates may have a vulnerability.
  • A criminal trying to steal passwords is a threat.
  • A malicious script that uses that weakness to gain access is an exploit.

Public Wi-Fi and phishing

Risks and responses

  • Public Wi-Fi can expose users to fake hotspots, snooping, or unsafe login capture.
  • Reduce risk by avoiding sensitive logins on untrusted networks, using HTTPS, turning off automatic connections, and using a VPN when appropriate.
  • Phishing and spoofing often use urgency, fake branding, unexpected links, or strange sender details to trick people into clicking or sharing information.

Attack surface

What to include

  • Email and social accounts, game accounts, school accounts, phones, tablets, laptops, cloud storage, and home Wi-Fi.
  • Any place where someone might try to log in, steal data, trick you, or misuse a weak setting increases your attack surface.

Cyber Threats, Vulnerabilities, and Attacks discussion locked

Sign in or create an account to mark progress complete.

Malware example

Pick one kind of malware, explain how it works, and describe the harm it can cause.

Malware types you could choose

  • Virus, worm, Trojan, spyware, ransomware, or backdoor.
  • Be ready to explain how it spreads, what it tries to do, and why it is harmful.

Helpful structure

  • Name the malware type.
  • Explain how it gets onto a device.
  • Explain what damage it can cause, such as stealing data, spying, locking files, or slowing a system down.

Malware example locked

Sign in or create an account to mark progress complete.

Public Wi-Fi risks

Identify two risks of using public Wi-Fi and explain how to reduce or avoid them.

Common risks

  • Fake hotspots can trick you into joining an attacker's network.
  • People on an unsafe network may try to snoop on traffic or capture logins.

Ways to reduce risk

  • Avoid sensitive logins on untrusted networks when possible.
  • Use HTTPS, turn off automatic Wi-Fi joining, and use a VPN when appropriate.

Public Wi-Fi risks locked

Sign in or create an account to mark progress complete.

Spoofing and phishing

Explain what spoofing and phishing are, how to recognize them, and what to do if you encounter one.

What to watch for

  • Unexpected messages that create urgency or fear.
  • Links, sender names, or website addresses that look almost right but not quite.
  • Requests for passwords, codes, money, or personal information.

Safe response

  • Do not click suspicious links or reply with personal details.
  • Report the message to a trusted adult, school, or service provider and warn others if needed.

Spoofing and phishing locked

Sign in or create an account to mark progress complete.

Current events choice

Choose one current-events option: a recent cybersecurity incident or a movie/book where cybersecurity plays an important role.

Select 1 current-events option

Pick one option below and be ready to discuss what you learned with your counselor.

0 selected, 1 required

Sign in or create an account to choose items and save progress.

Select items above to show their notes here. Choose at least 1.

Current events choice locked

Sign in or create an account to mark progress complete.

Your cyber attack surface

Create a list of all the accounts, apps, devices, and networks that could be used to reach your information.

What to include

  • Email, gaming, school, shopping, and social media accounts.
  • Phones, tablets, laptops, smart TVs, game consoles, and cloud storage.
  • Home Wi-Fi, routers, and any shared family devices.

Why it matters

  • Every login, app, and connected device is another place where a weak password, unsafe setting, or scam could create risk.
  • Knowing your attack surface helps you protect the most important accounts and devices first.

Your cyber attack surface locked

Sign in or create an account to mark progress complete.

Back: FundamentalsNext: Cyber Defenses

Jump To A Requirement

Navigate anywhere in this merit badge without losing your place.

View Start Page