Lesson Notes By Weeks and Term v4 - JHS 3
INFORMATION SECURITY
Download the Lessonotes Mobile Ghana app for faster lesson access on Android and iPhone.
INFORMATION SECURITY
Download the Lessonotes Mobile Ghana app for faster lesson access on Android and iPhone.
Subject: Computing
Class: JHS 3
Term: 3rd Term
Week: 3
Grade code: B9.3.3.1.2
Strand code: 3
Sub-strand code: 3
Content standard code: B9.3.3.1
Indicator code: B9.3.3.1.2
Theme: COMMUNICATION NETWORKS
Subtheme: INFORMATION SECURITY
This page supports the lesson note with a companion video and a short classroom-ready summary.
For class groups and homework, share this lesson page so learners also get the summary, objectives, and full lesson context.
In today's Ghana, we use the internet for everything: chatting on WhatsApp, watching videos on YouTube, banking, and even Mobile Money (MoMo) transactions. While the internet is a powerful tool, it also has dangers. There are people called hackers who try to steal our personal information, money, and secrets. This lesson is crucial because it will teach you how these hackers operate. By understanding their tricks, you can learn to protect yourself, your family's information, and your money online. This is not just a computing topic; it is a life skill for every modern Ghanaian citizen.
What is Information Hacking?
Information Hacking is the act of gaining unauthorized access to data in a computer, a phone, or a network. The person who does this is called a hacker. Their goal is often to steal, change, or destroy information for personal gain, such as stealing money, personal details (like your Ghana Card number), or private messages. Ten (10) Information Hacking Techniques
Here are ten common methods hackers use. We will explain each one with a simple definition, how it works, and a Ghanaian example. Phishing What it is: Tricking someone into giving away their sensitive information (like passwords or bank details) by pretending to be a trustworthy person or company. How it works: Hackers send fake emails, SMS messages, or WhatsApp messages that look official. These messages often create a sense of urgency, telling you your account is blocked or you have won a prize. They include a link that leads to a fake website, which looks exactly like the real one (e.g., a fake Facebook login page). When you enter your details, the hacker captures them. Ghanaian Example: You receive an SMS that says: "Dear Customer, your Mobile Money wallet has been suspended due to a system upgrade. Click this link http://bit.ly/momo-reactivate to restore your account NOW." When you click and enter your PIN, the hacker steals it. Keyloggers (Keystroke Logging) What it is: A type of malicious software (malware) or hardware device that secretly records every key you press on your keyboard. How it works: A keylogger can be installed on a computer without the user's knowledge, often by clicking a malicious link or downloading an infected file. It then runs in the background, recording everything you type—passwords, email messages, bank account numbers—and sends this information to the hacker. Ghanaian Example: A student goes to a public internet café to check their BECE results online. The café computer has a keylogger installed. When the student types their index number and password on the results checker portal, the keylogger records it. The hacker can later use this information. Denial of Service (DoS) Attack What it is: An attack designed to make a website or online service unavailable to its real users. How it works: The hacker floods the target website's server with a massive amount of fake traffic or requests. The server becomes so busy handling the fake requests that it cannot respond to legitimate users. Imagine a thousand people rushing into a small kenkey shop at once just to look around, preventing actual customers from buying anything. Ghanaian Example: On the day university admission lists are released, a hacker could launch a DoS attack on the university's portal. This would prevent genuine students from being able to check their admission status, causing panic and confusion. Eavesdropping What it is: Secretly listening to or intercepting private communication over a network. How it works: This often happens on unsecured Wi-Fi networks (like free public Wi-Fi). A hacker on the same network can use special software to "sniff" the data being sent between your device and the internet. If the data is not encrypted (protected), they can read your messages, see your passwords, and view the websites you visit. Ghanaian Example: You are at the Accra Mall using their free public Wi-Fi to log into your online banking app. A hacker connected to the same Wi-Fi could intercept the login details you send, giving them access to your bank account. Baiting What it is: Using a tempting offer or a physical device to trick a victim into exposing their system to malware. How it works: The hacker leaves a malware-infected device, like a USB flash drive or a CD, in a place where someone is likely to find it (e.g., an office, a library). The drive might be labelled "BECE Leaked Questions" or "Salaries". Out of curiosity, the victim plugs the drive into their computer, which then automatically installs the malware. Ghanaian Example: A student finds a pen drive on the floor of the school's computer lab. They plug it into a computer to see what's on it. The pen drive contains a virus that infects the entire school network. Malware What it is: A general term for any malicious software designed to harm or exploit any programmable device, service or network. This includes viruses, worms, trojans, and spyware. How it works: Malware can enter your device when you download files from untrusted websites, open suspicious email attachments, or use infected software. Once inside, it can do many things: delete your files, spy on you through your webcam, or steal your data. Ghanaian Example: Someone downloads a "cracked" (free pirated) version of a popular software from a strange website. The software is bundled with malware that secretly steals all the saved passwords from their web browser. Social Engineering What it is: The art of psychologically manipulating people into performing actions or divulging confidential information. It is the "human" side of hacking. Phishing is a type of social engineering. How it works: The hacker builds trust or creates a sense of fear or urgency. They might call you pretending to be from your bank or a telecommunication network (like MTN or Vodafone). They use clever talk to convince you to share your PIN, a one-time password (OTP), or personal details. Ghanaian Example: A person calls you and says, "Good afternoon, my name is Kwame from the MoMo head office. We are doing a system update and have randomly selected your number to win GHS 500. To receive it, please tell me the 4-digit code that was just sent to your phone." This code is actually a password reset or cash-out approval code. Brute Force Attack What it is: A trial-and-error method used to guess a password or PIN. How it works: The hacker uses a computer program to try many different password combinations very quickly until the correct one is found. This attack is most effective against short and simple passwords like "1234", "password", or "Kofi". The longer and more complex your password, the harder it is for a brute force attack to succeed. Ghanaian Example: A hacker wants to access someone's Facebook account. They know the person's username and suspect they use a weak password. The hacker's software tries common Ghanaian names, dates of birth, and simple words until it successfully guesses the password "Ama2008". Man-in-the-Middle (MitM) Attack What it is: A more advanced form of eavesdropping where the hacker secretly places themselves between two parties who are communicating. How it works: The hacker intercepts the communication and can relay messages, listen in, and even alter the messages without the two parties knowing. For example, the hacker can intercept your request to go to `www.mybank.com` and send you to their fake version of the site instead. Ghanaian Example: While using a public Wi-Fi, you try to top up your ECG prepaid credit online. A hacker using a MitM attack intercepts your payment details, including your credit card number, as you send them to the payment portal. SQL Injection (SQLi) What it is: An attack that targets databases that are connected to websites. It involves inserting malicious code into a website's input field (like a search bar or login form). How it works: Many websites use a database to store user information (usernames, passwords, etc.). A hacker can type a special command into a login or search box. If the website is not well-protected, this command can trick the database into revealing all the information it holds. Ghanaian Example: A hacker goes to a Ghanaian e-commerce website (like Jumia or a smaller online store). In the username field, instead of a name, they type a piece of malicious SQL code. This could trick the website's database into showing the hacker the usernames and passwords of all its customers.
Guided Practice (With Solutions)