Know and understand characteristics and effect of threats to data including hacking, phishing, pharming, smishing, vishing, viruses, malware, card fraud

Published by Patrick Mutisya · 14 days ago

Cambridge IGCSE ICT 0417 – Safety and Security

Safety and Security – Threats to Data

This set of notes covers the main threats to data that candidates need to know for the Cambridge IGCSE ICT (0417) syllabus. Understanding the characteristics, how each threat works and the possible effects helps learners to develop appropriate security measures.

1. Hacking

Definition: Unauthorized access to a computer system or network, usually with the aim of stealing, altering or destroying data.

  • Often exploits weak passwords, unpatched software or security mis‑configurations.

  • Can be performed manually or with automated tools (e.g., password crackers, network sniffers).

Effects: Data loss, loss of confidentiality, damage to reputation, financial loss.

2. Phishing

Deceptive emails or messages that appear to be from a trusted source, asking the recipient to reveal personal information (e.g., passwords, bank details).

  • Often includes a link to a fake website that looks genuine.

  • Uses social engineering to create a sense of urgency.

Effects: Identity theft, unauthorised transactions, compromise of corporate accounts.

3. Pharming

Redirecting users from a legitimate website to a fraudulent one without their knowledge.

  • Achieved by corrupting DNS servers or modifying the hosts file on a computer.

  • Victims enter personal data on the fake site, believing it is authentic.

Effects: Large‑scale theft of login credentials, financial fraud.

4. Smishing

Phishing conducted via SMS (text) messages.

  • Message may contain a link to a malicious site or request a reply with personal details.

  • Often pretends to be from a bank, delivery service or government agency.

Effects: Same as phishing – identity theft, unauthorised account access.

5. Vishing

Voice phishing – fraudulent phone calls where the caller pretends to be a trusted organisation.

  • Uses social engineering techniques such as authority, fear or urgency.

  • May ask for verification codes, passwords or credit‑card numbers.

Effects: Direct financial loss, compromise of personal data.

6. Viruses

Malicious programmes that attach themselves to legitimate files and spread when the infected file is opened.

  • Can corrupt or delete files, slow down systems, or display unwanted messages.

  • Often spread via email attachments, removable media or infected downloads.

Effects: Data corruption, loss of productivity, possible system failure.

7. Malware (General)

Umbrella term for any software designed to cause harm, including viruses, worms, trojans, ransomware and spyware.

  • Worms: Self‑replicating malware that spreads across networks without user interaction.

  • Trojans: Appear legitimate but execute hidden malicious actions.

  • Ransomware: Encrypts data and demands payment for the decryption key.

  • Spyware: Collects information about the user without consent.

Effects: Data loss, unauthorised data collection, financial extortion, system downtime.

8. Card Fraud

Unauthorised use of credit or debit card details to make purchases or withdraw cash.

  • Data may be obtained through skimming devices, phishing, data breaches or malware.

  • Often involves cloning of magnetic stripe cards or stealing card numbers online.

Effects: Direct monetary loss, damage to credit rating, cost of dispute resolution.

Summary Table

ThreatKey CharacteristicsTypical EffectsCommon Prevention Measures
HackingUnauthorised system access; exploits weak passwords, unpatched softwareData loss, confidentiality breach, financial lossStrong passwords, regular updates, firewalls, intrusion detection
PhishingDeceptive emails/websites; social engineering, urgent languageIdentity theft, unauthorised transactionsVerify sender, avoid clicking unknown links, use anti‑phishing filters
PharmingDNS or hosts file manipulation; redirects to fake sitesMass credential theft, financial fraudSecure DNS, anti‑malware tools, check URL certificates
SmishingSMS messages with malicious links or requestsIdentity theft, unauthorised account accessDo not click links in texts, verify via official channels
VishingPhone calls impersonating trusted organisationsFinancial loss, data compromiseNever give personal info over unsolicited calls, use call‑back verification
VirusesAttach to files, spread via opening infected filesData corruption, system slowdownAntivirus software, avoid unknown attachments, regular backups
Malware (Worms, Trojans, Ransomware, Spyware)Varied delivery methods; self‑replicating, disguise as legitimate, encrypt dataData loss, extortion, privacy invasionUpdate software, use anti‑malware, restrict admin rights, backup data
Card FraudSkimming, data breaches, phishing, malwareMonetary loss, credit damageSecure payment gateways, monitor statements, use chip‑and‑pin cards

Suggested diagram: Flowchart showing how a phishing attack progresses from email receipt to data compromise.

Key Points for Revision

  1. Identify the method of delivery for each threat (email, SMS, phone, network).

  2. Understand the social‑engineering techniques used (urgency, authority, fear).

  3. Remember the primary effects – loss of confidentiality, integrity, availability, and financial impact.

  4. Know at least two preventive measures for each threat.

  5. Be able to explain how a compromised system can be restored (e.g., backups, anti‑malware scans).