URL: http://www.newsflashenglish.com/020408phishing1.html

Download FREE English lesson:

Phishing attack hits bank customers

• Word Doc
• PDF Doc

Ideas and Articles by David Robinson

2^nd April 2008

Category: Business / Banking / Security

Level: Intermediate / Upper intermediate

This lesson is the copyright of www.newsflashenglish.com

START

1. PHISHING ATTACKS: What do you know about phishing attacks? What does the word phishing mean? When was the word invented? (You may need to use the internet to find this answer) Have you ever experienced a phishing attack? When? What happened? Go round the room swapping stories. Change partners often.

2. DICTATION: The teacher will read some of the article slowly and clearly. Students will write down what they hear. The teacher will repeat the passage slowly again. Self correct your work from page 2 - filling in spaces and correcting mistakes. Be honest with yourself on the number of errors. Advise the teacher of your total number of errors. Less than 5 is very good. 10 are acceptable. Any more is room for improvement! More than 20 - we need to do some work!

3. READING: Get students to read the passage aloud. Swap readers every paragraph.

4. VOCABULARY: Students look through the article. Underline/highlight any vocabulary you do not know. Look in dictionaries. Discuss and help each other out. The teacher will go through & explain any words or phrases you do not understand.

5. EXPLAIN: Explain the following: phishing e-mail / eliciting / initially / criminally and fraudulently acquire sensitive information by masquerading as a trustworthy entity through electronic communication / alien server / subsequently misused / for financial gain / serves exclusively for / detected / targeting / composed in / the occurrence / unknown offender / sensitive data / despite / as soon as possible / fraudulent / immediately

6. PHISHING ATTACKS/SPAM: QUICK DISCUSSION: With your partner discuss the following:

Student A
1) Have you ever experienced a phishing attack? If yes, when?
2) What did you do?
3) Have you ever opened an e-mail attachment and wished you hadn’t?
4) Have you ever given away your personal details online and wished you hadn’t?
5) What’s the best way to prevent phishing?
Student B
1) What do you do with all the spam mail you receive?
2) What should be done about all the spam that is sent out to everyone on the internet?
3) Do you use different e-mail accounts for unknown websites? (to prevent spam)
4) Have you ever received any dodgy e-mails from Nigeria?
5) Which continents, countries or places that hackers come from could be problematic?

7. QUICK DEBATE ON SPAM: Students A believe spam mail should be banned! Explain why. Students B doesn’t worry about it. Explain why.

8. INTERNET BANKING: Think of 3 advantages and 3 disadvantages of using internet banking. Compare and discuss with your partner.

Advantages	Disadvantages
1	1
2	2
3	3

The teacher will choose some pairs to discuss their findings in front of the class.

9. BANKING: Think of 3 other types of banking methods used - other than internet banking. Compare and discuss with your partner.

1
2
3

The teacher will choose some pairs to discuss their findings in front of the class.

10. BANKING: Think of 3 advantages and 3 disadvantages of using traditional banking. Compare and discuss with your partner.

Advantages	Disadvantages
1	1
2	2
3	3

The teacher will choose some pairs to discuss their findings in front of the class.

11. ARTICLE QUIZ: With your partner or in small groups: (1 point for each correct answer. Lose ½ point if you look at the article for help!)

Student A
1) Name the bank
2) Name the IT security firm
3) What has SLSP now done?
4) What is a phishing attack?
5) If customers fill in a form what could happen?
6) What do banks never ask?
7) What maybe misused by others?
8) What did several hundred clients do?
Student B
1) Explain internet banking
2) What did the bank do?
3) What day did the phishing attach start?
4) What was the bank going to do on Tuesday?
5) How many languages was the phishing attack in?
6) What was initially sent to many people?
7) What happened on Wednesday?
8) What may land at an alien server?

12. INTERNET ATTACKS: Think of 3 internet attacks you have suffered on your computer. Compare and discuss with your partner.

1
2
3

The teacher will choose some pairs to discuss their findings in front of the class.

13. QUICK DISUSSION: With your partner discuss the following questions relating to no 12 above.

Student A
1) What is the worst internet attack you have had?
2) How did you solve it?
3) What do you have on your computer to prevent such attacks?
4) Has you computer ever been hacked?
Student B
1) What advise would you give other people regarding such attacks?
2) Have you ever gone to a website that has infected your computer?
3) How do you notice that your computer might be affected?
4) What do you know about hackers?

14. ANTI-VIRUS, ANTI-SPYWARE & FIREWALLS: Think of 2 anti-virus systems, 2 anti-spyware packages and 2 different firewalls that we all use. Compare and discuss with your partner.

Anti-Virus	Anti–spyware	Firewalls
1	1	1
2	2	2

The teacher will choose some pairs to discuss their findings in front of the class.

15. QUICK DISUSSION: With your partner discuss the following questions relating to no 14 above.
1) Which of 2 anti-virus packages you have listed is best and why?
2) Which of the 2 anti-spyware packages is best and why?
3) Which of the 2 firewalls is best and why?
4) What anti virus programmes do you use?
5) What anti-spyware do you use and use frequently?

16. ANTI-VIRUS & ANTI-SPYWARE: Think of three reasons for having anti-virus and anti-spyware on your computer. Compare and discuss with your partner(s).

Anti-Virus	Anti-Spyware
1	1
2	2
3	3

The teacher will choose some pairs to discuss their findings in front of the class.

17. I LOOKED AT MY COMPUTER AND SAW…: Swap partners! Think of 10 useful programmes you might see on your computer screen desktop. Write them below. Compare and discuss with your new partner.

1	6
2	7
3	8
4	9
5	10

The teacher will choose some pairs to discuss their findings in front of the class.

18. UN-SCRAMBLE: Put the following into the right order:

Easy
1) Slovak e-mail phishing in the was
2) e-mail received many phishing the people
3) also customers mail received the non
4) clients the been bank’s informed have
5) going file is charges SLSP to
Harder
6) clients warn reply not we e-mail to the to
7) the for might use information other gain financial
8) the attack ESET morning Wednesday on detected
9) the clients hundreds several informed bank of
10) police has the filed SLSP complaint criminal a now with

(Answers are on page 15 – sentences adapted from article)

19. PHISHING: With your partner on the board write as many words to do with ‘Phishing’ as you can. One-two minutes. Compare with other teams. Discuss together – linking your words.

20. SENTENCES: Choose six/nine of the words from no 19. Write two/three sentences using two/three words in each. Underline your chosen words. The teacher will if necessary correct your work. Students might be asked to read their sentences aloud.

21. SENTENCE STARTERS: With your partner(s), finish these sentence starters. Change partner(s) and talk about the sentences you made.

1. Phishing _____________________________________________________

2. The bank said __________________________________________________

3. The e-mail ____________________________________________________

4. A spokesperson ________________________________________________

5. The English version ______________________________________________

6. Bank customers ________________________________________________

AFTER READING / LISTENING

1. TRUE / FALSE: After reading the article guess whether these sentences are true (T) or false (F):

a.	The phishing attack was sent in Slovak and in English	T / F
b.	The attacks started on Saturday morning	T / F
c.	The data will be sent to aliens serving their master	T / F
d.	Banks always ask you for your personal data online	T / F
e.	SLSP has filed a criminal complaint	T / F
f.	ESET is an IT security firm	T / F
g.	Phishing attacks happen once a year	T / F
h.	The bank warned clients not to respond to the bogus e-mail	T / F

2. SYNONYM MATCH: Match the following synonyms from the article:

a.	Clients	Even though
b.	Subsequently	Deceptive
c.	Virus	Criminal
d.	Offender	Appearance
e.	Fraudulent	Something
f.	Despite	Disease
g.	Such	Honest
h.	Entity	Afterwards
i.	Trustworthy	Like
j.	Form	Customers

3. PHRASE MATCH: Match the following phrases from the article:

a.	The e-mail message	shortly afterwards translated into Slovak
b.	After spreading it in English it was	similar fraudulent e-mails in the future
c.	Slovenská Sporitel’ňa warned its clients	acquire sensitive information
d.	SLSP is going to file charges	their data will land at an alien server
e.	We warn our clients not to reply to	their data via e-mail
f.	SLSP has now filed	against an unknown offender
g.	Banks never ask clients to provide	informed the bank
h.	If customers respond by filling out a form	not to reply to any of the e-mails
i.	Several hundreds of clients	a criminal complaint with the police
j.	Phishing is an attempt to fraudulently	was initially sent to many people in English

GAP FILL: READING

Put the words into the gaps in the text.

A Slovak _______ of a phishing e-mail, aimed at eliciting personal data from clients with accounts at Slovenská Sporitel’ňa (SLSP), (a bank in Slovakia) has now appeared. The e-mail message was initially sent to many people in English on 24th March. Some people who received the mail weren’t even the banks customers. After spreading in English it was shortly afterwards translated into Slovak and spread about. ________ is an attempt to __________ and ____________ acquire sensitive information by masquerading as a __________ entity through electronic communication. If ________ respond by filling out a form, their data will land at an alien server and may be subsequently misused by others who might use it for financial gain. “Banks never ask clients to provide their data via e-mail. Internet banking serves __________ for personal administration of and work with an _______,” Juraj Malcho, Chief of ESET virus laboratory explained.		account fraudulently exclusively trustworthy criminally phishing customers version
Slovak IT security firm ESET detected the Slovak version of the phishing attack targeting SLSP client’s early on Wednesday morning when it updated its database of samples. Slovenská Sporitel’ňa warned its clients not to reply to any of the e-mails asking for personal data following the __________ of news of ________ in English. SLSP registered this latest attempt to misuse client data on Monday, 24th March. “Several hundreds of clients informed the bank about ______ composed in English. SLSP is going to file charges against an ______ offender,” spokesman Štefan Frimmer told reporters on Tuesday. He continued, “The bank’s clients have been informed. Those who provided sensitive data concerning their accounts _______ warnings should report this to SLSP as soon as possible.” Frimmer added, “We warn our clients not to reply to similar __________ e-mails in the future and __________ inform us about such events, for instance by e-mail to the address: info@slsp.sk.” SLSP has now filed a criminal ________ with the police.		unknown fraudulent despite occurrence messages e-mails immediately complaint

GAP FILL: LISTENING:

Listen and fill in the spaces.

Phishing attack hits bank customers

A Slovak version of a phishing e-mail, aimed at eliciting personal data from clients with accounts at Slovenská Sporitel’ňa (SLSP), (________________) has now appeared. The e-mail message was initially sent _________________ English on 24^th March. Some people who _________________ weren’t even the banks customers. After spreading in English it was shortly afterwards translated into Slovak and spread about. Phishing is an attempt to criminally and fraudulently acquire sensitive information by masquerading as a trustworthy entity through electronic communication. If customers respond by filling out a form, their data will land at an alien _________________ subsequently misused by others who might use it for financial gain. “Banks ____________________ provide their data via e-mail. Internet banking serves exclusively for personal administration ___________________ account,” Juraj Malcho, Chief of ESET virus laboratory explained.

Slovak IT security firm ESET detected the Slovak version of the phishing attack targeting SLSP client’s early on Wednesday morning when it updated its database of samples. Slovenská Sporitel’ňa warned __________________ reply to any of the e-mails asking for personal data following the occurrence _______________________ in English. SLSP registered ___________________ to misuse client data on Monday, 24^th March. “Several hundreds of clients informed the bank about e-mails composed in English. SLSP ________________ charges against an unknown offender,” spokesman Štefan Frimmer told reporters on Tuesday. He continued, “The bank’s clients have been informed. Those who provided sensitive data concerning their accounts despite warnings should report this to SLSP ___________________.” Frimmer added, “We warn our clients _______________ similar fraudulent e-mails in the future and immediately inform us about such events, for instance by e-mail to the address: info@slsp.sk.” SLSP has now filed a criminal complaint with the police.

DISCUSSION

STUDENT A’s QUESTIONS (Do not show these to student B)

1. Did the headline make you want to read the article?

2. Have you ever experienced a phishing attack?

3. What do you normally do when you get a phishing e-mail?

4. Have you ever replied to a phishing attack?

5. If yes, what happened next?

6. Have you ever lost money as a result of a phishing attack?

7. What can be done to prevent such attacks?

8. What advice do you take when dealing with anti-virus, anti-spyware and firewall systems?

9. Did you receive the e-mail in question?

10. If yes, what did you do about it?

---------------------------------------------------------------------

STUDENT B’s QUESTIONS (Do not show these to student A)

1. Do you use internet banking?

2. What do you think about it?

3. What general advice would you give others about security online?

4. Do you think the bank in the article will catch the perpetrators?

5. Do you trust internet banking?

6. Do you receive any/many dodgy e-mails?

7. What sort of dodgy e-mails do you get?

8. What do you do if you get a virus on your computer?

9. When did you first hear of the word phishing?

10. Did you like this discussion?

AFTER DISCUSSION: Join another partner / group and tell them what you talked about.

1. What was the most interesting thing you heard?

2. Was there a question you did not like?

3. Was there something you totally disagreed with?

4. What did you like talking about?

5. Which was the most difficult question?

LANGUAGE: CORRECT WORD: Choose the correct words from a–d below and write them in the article.

A (1)__ version of a phishing e-mail, aimed at eliciting personal data from clients with accounts at Slovenská Sporitel’ňa (SLSP), (a bank in Slovakia) has now appeared. The e-mail message was initially sent to many people in English on 24^th March. Some people who received the mail weren’t even the banks customers. After spreading in English it was shortly afterwards translated into Slovak and spread about. Phishing is an attempt to criminally and fraudulently acquire sensitive information by masquerading as a trustworthy entity through electronic communication. If customers respond by filling out a form, their data will land at an alien server and may be subsequently (2)__ by others who might use it for financial gain. “Banks never ask clients to provide their data via e-mail. Internet banking serves exclusively for personal administration of and work with an account,” Juraj Malcho, Chief of ESET virus laboratory (3)__.

Slovak IT security firm ESET detected the Slovak version of the phishing attack targeting SLSP client’s early on Wednesday morning when it (4)__ its database of samples. Slovenská Sporitel’ňa warned its clients not to reply to any of the e-mails asking for personal data following the occurrence of news of (5)__ in English. SLSP registered this latest attempt to misuse client data on Monday, 24^th March. “Several hundreds of clients informed the bank about e-mails composed in English. SLSP is going to file charges against an unknown offender,” spokesman Štefan Frimmer told (6)__ on Tuesday. He continued, “The bank’s clients have been informed. (7)__ who provided sensitive data concerning (8)__ accounts despite warnings (9)__ report this to SLSP (10)__ possible.” Frimmer added, “We warn our clients not to reply to similar fraudulent e-mails in the future and immediately inform us about (11)__ events, for instance by e-mail to the address: info@slsp.sk.” SLSP has now filed a criminal (12)__ with the police.

1.	(a)	English	(b)	Chinese	(c)	Slovak	(d)	American
2.	(a)	misused	(b)	misuse	(c)	misusing	(d)	misuses
3.	(a)	explaining	(b)	explains	(c)	explain	(d)	explained
4.	(a)	update	(b)	updated	(c)	updating	(d)	updates
5.	(a)	message	(b)	SMS’S	(c)	messages	(d)	letters
6.	(a)	reporters	(b)	reporter	(c)	reporting	(d)	reported
7.	(a)	their	(b)	those	(c)	this	(d)	these
8.	(a)	their	(b)	there	(c)	those	(d)	this
9.	(a)	will	(b)	could	(c)	would	(d)	should
10.	(a)	as good as	(b)	as strong as	(c)	as long as	(d)	as soon as
11.	(a)	some	(b)	different	(c)	such	(d)	these
12.	(a)	complained	(b)	complaint	(c)	complaining	(d)	complains

GRAMMAR 1: MIDWAY

Put the words into the gaps in the text.

Phishing attack hits bank customers A Slovak version of a phishing e-mail, aimed at eliciting personal data (1)____ clients (2)____ accounts at Slovenská Sporitel’ňa (SLSP), (a bank in Slovakia) has now appeared. The e-mail message was initially sent to (3)____ people in English on 24th March. (4)____ people who received the mail weren’t (5)____ the banks customers. After spreading in English it was shortly afterwards translated into Slovak and spread about. Phishing is an attempt to criminally and fraudulently acquire sensitive information by masquerading as a trustworthy entity (6)_____ electronic communication. If customers respond by filling out a form, their data will land at an alien server and may be subsequently misused by others who (7)_____ use it for financial gain. “Banks never ask clients to provide (8)____ data via e-mail. Internet banking serves exclusively for personal administration of and work with an account,” Juraj Malcho, Chief of ESET virus laboratory explained.		even with many some their might through from
Slovak IT security firm ESET detected the Slovak version of the phishing attack targeting SLSP client’s early on Wednesday morning (1)____ it updated its database of samples. Slovenská Sporitel’ňa warned its clients not to reply to any of the e-mails asking for personal data following the occurrence of news of messages in English. SLSP registered (2)____ latest attempt to misuse client data on Monday, 24th March. “Several hundreds of clients informed the bank (3)____ e-mails composed in English. SLSP is going to file charges against an unknown offender,” spokesman Štefan Frimmer told reporters on Tuesday. He continued, “The bank’s clients have been informed. (4)____ who provided sensitive data concerning (5)____ accounts despite warnings (6)_____ report this to SLSP as soon as possible.” Frimmer added, “We warn our clients not to reply to similar fraudulent e-mails in the future and immediately inform us about (7)____ events, for instance by e-mail to the address: info@slsp.sk.” SLSP has now filed a criminal complaint (8)____ the police.		about such their should this with those when

GRAMMAR 2: EASY

Put the words into the gaps in the text.

Phishing attack hits bank customers A Slovak version (1)__ a phishing e-mail, aimed (2)__ eliciting personal data from clients with accounts at Slovenská Sporitel’ňa (SLSP), (a bank in Slovakia) has now appeared. The e-mail message was initially sent to many people in English on 24th March. Some people (3)__ received the mail weren’t even the banks customers. After spreading (4)__ English (5)__ was shortly afterwards translated into Slovak and spread about. Phishing is an attempt to criminally and fraudulently acquire sensitive information by masquerading as a trustworthy entity through electronic communication. If customers respond by filling out a form, their data will land at (6)__ alien server (7)__ may be subsequently misused by others who might use it for financial gain. “Banks never ask clients to provide their data via e-mail. Internet banking serves exclusively (8)__ personal administration of and work with an account,” Juraj Malcho, Chief of ESET virus laboratory explained.		who for it and at in an of
Slovak IT security firm ESET detected the Slovak version of the phishing attack targeting SLSP client’s early on Wednesday morning when (1)__ updated its database of samples. Slovenská Sporitel’ňa warned (2)___ clients not to reply to any of the e-mails asking for personal data following the occurrence of news of messages in English. SLSP registered this latest attempt to misuse client data on Monday, 24th March. “Several hundreds (3)__ clients informed the bank about e-mails composed in English. SLSP is going to file charges against an unknown offender,” spokesman Štefan Frimmer told reporters (4)__ Tuesday. (5)__ continued, “The bank’s clients have been informed. Those who provided sensitive data concerning their accounts despite warnings should report this to SLSP as soon as possible.” Frimmer added, “We warn (6)___ clients not to reply (7)__ similar fraudulent e-mails in the future and immediately inform us about such events, for instance by e-mail to the address: info@slsp.sk.” SLSP has now filed a criminal complaint with (8)___ police.		of to he its on it the our

HOMEWORK

1. INTERNET: PHISHING ATTACKS: Search the internet for more on ‘phishing attacks’. Talk about what you discover with your partner(s) in the next lesson.

2. NEWSPAPER ARTICLE: Write an article on “Phishing attacks” (Imagine!) (Minimum 200 words)

3. NEWSPAPER ARTICLE: Write an article on “The best anti-spyware, anti-virus and firewalls are…” (Imagine!) (Minimum 200 words)

Read what you wrote to your classmates in the next lesson. Which article was best and why?

WRITING: IN CLASS:

1. FIVE MINUTE ARTICLE: Write an article on “Phishing attacks” You have five minutes. Afterwards swap articles with your partner. Read through their article and correct any mistakes. The teacher will select some students to read out their work. Countdown: Every minute the teacher may say, “You have xx minutes.”

2. FIVE MINUTE ARTICLE: Write an article on “The best anti-spyware, anti-virus and firewalls are…” (Imagine!) You have five minutes. Afterwards swap articles with your partner. Read through their article and correct any mistakes. The teacher will select some students to read out their work. Countdown: Every minute the teacher may say, “You have xx minutes.”

SPELLING TEST

The teacher will ask the class individually to spell the following words that are in the article:

1 version	11 eliciting
2 similar	12 phishing
3 attempt	13 financial
4 occurrence	14 fraudulent
5 database	15 immediately
6 complaint	16 misuse
7 trustworthy	17 administration
8 masquerading	18 through
9 entity	19 initially
10 subsequently	20 acquire

ANSWERS: 2

12. UN-SCRAMBLED: (adapted from article)
Easy
1) The phishing e-mail was in Slovak
2) Many people received the phishing e-mail
3) Non customers also received the mail
4) The bank’s clients have been informed
5) SLSP is going to file charges
Harder
6) We warn clients not to reply to the e-mail
7) Other might use the information for financial gain
8) ESET detected the attack on Wednesday morning
9) Several hundreds of clients informed the bank
10) SLSP has now filed a criminal complaint with the police

ANSWERS: 1

TRUE / FALSE:

a. T

b. F

c. F

d. F

e. T

f. T

g. F

h. T

SYNONYM MATCH:

a.	Clients	Customers
b.	Subsequently	Afterwards
c.	Virus	Disease
d.	Offender	Criminal
e.	Fraudulent	Deceptive
f.	Despite	Even though
g.	Such	Like
h.	Entity	Something
i.	Trustworthy	Honest
j.	Form	Appearance

PHRASE MATCH:

a.	The e-mail message	was initially sent to many people in English
b.	After spreading it in English it was	shortly afterwards translated into Slovak
c.	Slovenská Sporitel’ňa warned its clients	not to reply to any of the e-mails
d.	SLSP is going to file charges	against an unknown offender
e.	We warn our clients not to reply to	similar fraudulent emails in the future
f.	SLSP has now filed	a criminal complaint with the police
g.	Banks never ask clients to provide	their data via e-mail
h.	If customers respond by filling out a form	their data will land at an alien server
i.	Several hundreds of clients	informed the bank
j.	Phishing is an attempt to fraudulently	acquire sensitive information

GAP FILL: Phishing attack hits bank customers: A Slovak version of a phishing e-mail, aimed at eliciting personal data from clients with accounts at Slovenská Sporitel’ňa (SLSP), (a bank in Slovakia) has now appeared. The e-mail message was initially sent to many people in English on 24^th March. Some people who received the mail weren’t even the banks customers. After spreading in English it was shortly afterwards translated into Slovak and spread about. Phishing is an attempt to criminally and fraudulently acquire sensitive information by masquerading as a trustworthy entity through electronic communication. If customers respond by filling out a form, their data will land at an alien server and may be subsequently misused by others who might use it for financial gain. “Banks never ask clients to provide their data via e-mail. Internet banking serves exclusively for personal administration of and work with an account,” Juraj Malcho, Chief of ESET virus laboratory explained.

Slovak IT security firm ESET detected the Slovak version of the phishing attack targeting SLSP client’s early on Wednesday morning when it updated its database of samples. Slovenská Sporitel’ňa warned its clients not to reply to any of the e-mails asking for personal data following the occurrence of news of messages in English. SLSP registered this latest attempt to misuse client data on Monday, 24^th March. “Several hundreds of clients informed the bank about e-mails composed in English. SLSP is going to file charges against an unknown offender,” spokesman Štefan Frimmer told reporters on Tuesday. He continued, “The bank’s clients have been informed. Those who provided sensitive data concerning their accounts despite warnings should report this to SLSP as soon as possible.” Frimmer added, “We warn our clients not to reply to similar fraudulent e-mails in the future and immediately inform us about such events, for instance by e-mail to the address: info@slsp.sk.” SLSP has now filed a criminal complaint with the police.

LANGUAGE WORK

1 - c

2 - a

3 - d

4 - b

5 - c

6 - a

7 – b

8 - a

9 - d

10 - d

11 - c

12 – b