Recommended for

ages 9-11

The Phisherman

Teacher Guide
Duration: 1 hour

1
Overview
This Teacher Guide provides discussion points and additional activities to support the use of Barefoot’s
The Phisherman game within the classroom.

The Phisherman game consists of a number of mini-games, with each game focusing on a different
aspect of phishing. Following each game, a number of questions and topics are presented to facilitate
further discussion and enable children to share their own experiences.

Additional activities are also included from SWGfL’s Project Evolve toolkit. Project Evolve provides
resources for each of the 330 statements from the UK Council for Internet Safety’s (UKCIS) Education for
a Connected World (ECW) framework, including perspectives; research; activities; outcomes; supporting
resources and professional development materials. The toolkit, which is free to use for schools, can be
found at – https://projectevolve.co.uk An account to use the toolkit can be created at –
https://projectevolve.co.uk/register

The activities within The Phisherman game can be undertaken in any order, although a suggested route
through the game is outlined within this document.

Pupil objectives
■ I can define phishing and why it is used by cyber criminals
■ I can identify technologies typically used for phishing
■ I can identify common features and themes of phishing
■ I can identify how to prevent being a victim of phishing

Introduction
Explain to pupils they are going to play a game to develop their understanding of an important aspect
of cyber security. Share the learning objectives with pupils on slide 2 if this is your usual practice.

Using slide 3, demonstrate to pupils how to access the game using a web browser and explain how the
game provides a safe environment to learn about phishing. Ask pupils to begin the game, then, once
they reach the underwater village of Kelpy Deeps, play the Turtle mini-game until they get back to the
underwater village of Kelpy Deeps.

The Phisherman – Teacher guide 2

After Turtle – Personal information
Activity
Using slide 4, discuss with pupils what other examples of personal information they’re aware of (e.g.
home address, phone number, user names, etc), along with why it is important they are kept private (e.g.
someone comes around to your house, someone you don’t know phones you up, someone tries to sign
into your account, etc).

Using slide 5, explain to pupils that personal information can also be obtained about you by using the
Internet. This might mean cyber criminals can access your accounts by finding out information, such
as your date or birth, or pretend to know you when contacting you, such as by finding out your name,
phone number, names of your friends and your interests. Ask pupils:

■ Where on the Internet could personal information about you be found? (Social media platforms)
■ How can we ensure this personal information isn’t stolen and used within phishing scams? (Make our
profiles private and ensure any information on public profiles can’t allow us to be easily identified)
■ What might be changed on your profiles? (Sharing as little information as possible, profile picture not
of you, highest privacy settings)

Using slide 6, ask pupils to begin the Whale game next and to stop once they are back at the
underwater village of Kelpy Deeps.

Optional task from Project

ECW Learning Outcome – I can describe strategies for keeping personal information private,
depending on context – https://projectevolve.co.uk/toolkit/resources/content/privacy-and-securi-
ty/7-11/i-can-describe-strategies-for-keeping-personal-information-private-depending-on-context/
Pupils examine personal information and create an acceptable public social media profile.

After Whale – Training game

Activity
Using slide 7, remind pupils of the five different features of phishing messages – bad grammar, under
pressure, too good to be true, design errors and untrusted sources.

Note: Depending on the age of your pupils, it may be appropriate to outline how bad grammar may be
used in an attempt to bypass spam email filters, which will often block correctly spelt words or phrases
found in phishing messages.

Ask children to come up with their own examples of each feature – e.g. a message putting the user
under pressure might be “you have won a brand new games console if you reply to this message in the
next 30 seconds”. Ask pupils to share their examples with the class.

Using slide 8, ask pupils to begin the Fish game next and to stop once they are back at the underwater
village of Kelpy Deeps.

Optional task from Project

ECW Learning Outcome – I can describe ways in which some online content targets people to gain
money or information illegally; I can describe strategies to help me identify such content (e.g. scams,
phishing) – https://projectevolve.co.uk/toolkit/resources/content/privacy-and-security/7-11/i-can-describe-
ways-in-which-some-online-content-targets-people-to-gain-money-or-information-illegally-i-can-de-
scribe-strategies-to-help-me-identify-such-content-e-g-scams-phishing/
Pupils examine a range of phishing techniques, then go on to design their own online scam.

The Phisherman – Teacher guide 3

After Octo – email inbox
Activity
Using slide 11, ask pupils to share what other services they can receive messages on (Whatsapp, text,
direct messages on a social platform, etc) and outline how phishing can also take place on these
platforms. Ask pupils to share other types of phishing messages they are aware of (e.g. free games
being offered on online gaming platforms, fake premium versions of services, etc) and how they should
act if receiving such messages.

Using slide 12, explain to pupils a password is a form of personal information and can be the focus of
phishing scams. Outline how insecure passwords can be used to access accounts and send out phishing
scams, which can mean your friends and family think they are receiving genuine messages.
Ask children:

■ What might happen if we didn’t have passwords for our accounts? (Anyone could access our online
accounts and use them to obtain our personal information, steal our money and pretend to be
someone else)
■ What makes a good password? (Hard to guess, unique to each service, long, easy to remember)
■ How can we keep our passwords safe? (Store it in your browser, create an encrypted file containing
your passwords, use a password manager)

Using slide 13, ask pupils to begin the PufferFish game next and to stop once they are back at the
underwater village of Kelpy Deeps.

Optional task from Project

ECW Learning Outcome – I can describe simple strategies for creating and keeping passwords private
– https://projectevolve.co.uk/toolkit/resources/content/privacy-and-security/7-11/i-can-describe-sim-
ple-strategies-for-creating-and-keeping-passwords-private/ Children generate their own passwords by
creating a password tumbler and examining strategies for keeping their passwords safe.

After Pufferfish – phone call

Activity
Using slide 14, discuss with pupils why receiving a phone call could be an effective phishing scam (e.g.
pressurised, can’t stop and think). Ask pupils why they would be likely to believe someone calling on the
phone? (e.g they can try and build up a relationship with you, try to sound genuine). Remind children
they should always seek help if they feel uncomfortable when using technology.

Using slide 15, ask pupils to begin the final game, which is located in the centre of Kelpy Deeps.

Optional task from Project

ECW Learning Outcome – I can explain the importance of asking until I get the help needed
– https://projectevolve.co.uk/toolkit/resources/content/self-image-and-identity/7-11/i-can-
explain-the-importance-of-asking-until-i-get-the-help-needed/ Children undertake a survey and
subsequent discussion based on the outcomes of seeking help when working online.

The Phisherman – Teacher guide 4

After final game
Activity
Using slide 16, discuss with pupils what they have learnt on the game by asking:

■ W
 hat one thing are you either going to start doing or stop doing based on what they have learnt
during the game?
■ What could you tell someone else you live with about a certain element of the game, which might
be of benefit to them?
■ What should you do if you believe you have fallen for a phishing scam?

Optional task from Project

ECW Learning Outcome – I can explain what to do if a password is shared, lost or stolen - https://pro-
jectevolve.co.uk/toolkit/resources/content/privacy-and-security/7-11/i-can-explain-what-to-do-if-a-pass-
word-is-shared-lost-or-stolen/ – Children produce an emergency password action plan, which focuses
on the steps to take when using passwords in the future, along with what to do if their password is lost
or stolen.

The Phisherman – Teacher guide 5

The Phisherman – Teacher guide 6
 We love seeing our resources
being used in the classroom.
Please share your comments and pictures via our social channels:

@BarefootComp /barefootcomputing @barefootcomputing

Scan the QR code to download

more FREE lesson plans!

enquiries@barefootcomputing.org | barefootcomputing.org

Supported by With help from