Types of malware
What is scareware?
Tip: Scareware "scares" you into clicking. Always double-check before paying for virus removal!
This type of malware is designed to trick you into thinking your computer has a virus so you'll pay for fake antivirus software.
🧠 Explanation: Scareware tricks users into thinking their computer is at risk, often through fake pop-up warnings, urging them to buy unnecessary or non-existent software to fix the problem. It's a form of deception aimed at making quick profits.
What do we call a secret word or phrase used to protect access to a network or device?
Password
🧠 Explanation: A password is a basic security measure that prevents unauthorized access to systems and accounts. It’s typically something only the user should know.
What is the term for a fake email that tries to trick you into giving away personal information like passwords or credit card numbers?
Phishing
🧠 Explanation: Phishing emails pretend to be from trusted sources (like banks or tech companies) to trick you into clicking links or entering sensitive information. Always double-check email addresses and links before clicking.
What is the most common method of authentication, where users type in a secret word or phrase?
Password
🧠 Explanation: A password is the most basic and widely used form of authentication. It's something you know, but it's also the easiest to guess or steal if it's weak or reused.
What is the process of converting readable data into a coded form to keep it secure?
Encryption
🧠 Explanation: Encryption turns regular information into unreadable code so that only authorized users can decode it. It protects data from being seen or stolen during transmission or storage.
What is ransomware?
This malware locks your files and demands money to unlock them.
🧠 Explanation: Ransomware encrypts or locks a victim's files, rendering them inaccessible. The attacker then demands a ransom, usually in cryptocurrency, in exchange for restoring access to the files. Regular backups can help prevent the worst effects of such attacks.
What is the name of the security system that acts like a gatekeeper, blocking unauthorized access to or from a network?
Firewall
🧠 Explanation: A firewall monitors and controls incoming and outgoing network traffic based on predetermined security rules. It acts like a barrier between a trusted network and untrusted ones, helping to block malicious traffic.
This type of phishing targets specific individuals or organizations with personalized messages.
Spear phishing
🧠 Explanation: Spear phishing is more targeted than regular phishing. The attacker researches their victim and crafts a realistic, personalized message—often using names, roles, or company details—to increase the chances of success.
What method adds a second layer of security by asking for a code sent to your phone or email?
2FA
🧠 Explanation: 2FA requires something you know (like a password) and something you have (like a phone or code), making it much harder for attackers to access your account even if they steal your password.
What is the name for the original, readable information before it’s encrypted?
Plaintext
🧠 Explanation: Plaintext is the raw data or message before it's encrypted. Once encrypted, it becomes ciphertext and can’t be understood without the right key.
This type of malware is designed to scare you into thinking your computer is infected so you’ll pay for fake antivirus software.
Scareware
🧠 Explanation: Trojan horses disguise themselves as legitimate software or files. Once downloaded or opened, they grant hackers access to the system, allowing them to steal data, install other malicious software, or cause damage.
What is the term for converting data into a secret code so only authorized people can read it?
Encryption
🧠 Explanation: Encryption transforms data into an unreadable format, which can only be converted back to its original form by someone who has the correct decryption key. This ensures that sensitive information remains secure during transmission.
What’s the name for a fake website designed to look like a real one in order to steal your login info?
Phishing site
🧠 Explanation: A phishing site mimics the design and URL of a real site (like a bank login page) to trick users into entering their information. Always check the website URL carefully—sometimes only one letter is different.
What type of authentication uses things like fingerprints, face scans, or voice recognition?
Biometric authentication
🧠 Explanation: Biometric authentication is based on something you are, such as physical traits. It’s unique to each person and hard to replicate, which makes it very secure.
What do you call the coded result of encryption that only authorized users can decode?
Ciphertext
🧠 Explanation: Ciphertext is the unreadable version of the data after encryption. It’s only useful to someone who has the correct decryption key or method.
What is a worm?
This type of malware spreads by itself through networks and doesn’t need to be clicked or opened to infect systems.
🧠 Explanation: A worm is a self-replicating malware that spreads automatically across networks without needing user intervention (like opening a file). It often exploits vulnerabilities in software to propagate and can cause widespread damage by overwhelming network resources.
What kind of attack floods a network or server with so much traffic that it can’t function properly?
DDoS attack (Distributed Denial of Service)
🧠 Explanation: In a DDoS attack, multiple systems are used to flood a network or server with a large volume of traffic, overwhelming the system and causing it to become slow or completely unavailable to users.
What’s the term for a phone call where someone pretends to be tech support or a bank representative to steal your info?
Vishing
🧠 Explanation: Vishing uses phone calls instead of emails to deceive you. Scammers may act like a company rep and ask for your credentials or push you to install malicious software “for your safety.”
What do we call the process of using a physical device, like a USB key or smart card, to log in securely?
Hardware token
🧠 Explanation: A hardware token is something you have—a physical device that generates or stores login credentials. It’s often used in corporate or high-security settings.
What type of encryption uses the same key for both encrypting and decrypting data?
Symmetric encryption🧠 Explanation: In symmetric encryption, the same key is used to lock (encrypt) and unlock (decrypt) data. It's fast but requires secure key sharing between the sender and receiver.
This malware secretly gathers your private information like passwords, browsing habits, or keystrokes.
Spyware
🧠 Explanation: Spyware runs in the background of your device, secretly tracking your activity without your consent. It collects sensitive information such as passwords, browsing habits, and keystrokes, which is often sold to third parties or used for malicious purposes.
What do we call a fake Wi-Fi network set up to steal users’ data when they connect?
Evil twin attack
🧠 Explanation: An evil twin attack occurs when a hacker sets up a fake Wi-Fi hotspot with the same name as a legitimate network, tricking users into connecting to it. Once connected, the hacker can monitor or steal personal data from the user’s device.
What kind of phishing uses text messages to trick people into clicking malicious links or sharing private data?
Smishing
🧠 Explanation: Smishingis phishing through SMS. Messages might pretend to be from your bank, a delivery service, or even government agencies, with urgent language pushing you to click a link or reply with sensitive information.
What authentication method evaluates things like typing speed, location, or the device you’re using to verify your identity?
Behavioral authentication
🧠 Explanation: Behavioral authentication looks at patterns in how you interact with devices—like how you type or move your mouse. It's a passive method that helps detect unusual behavior and prevent fraud.
What type of encryption uses one key to encrypt and a different key to decrypt?
Asymmetric encryption
🧠 Explanation: Asymmetric encryption uses a pair of keys—a public key to encrypt and a private key to decrypt. This method is widely used for secure email, websites (HTTPS), and digital signatures.