Cybersecurity Threats 101

Before you can defend against attacks, you need to know what they look like. The good news: most everyday threats fall into a handful of well-understood categories. Once you can name them, they stop feeling mysterious and start feeling manageable. In this lesson you will learn the core threats every beginner must recognize — and how to use AI to keep learning about them.

What You'll Learn

The most common cyber threats facing everyday people and small organizations
How each threat actually works, in plain language
The simple defenses that stop the majority of attacks
How to use AI to research any threat you encounter

The Threats You Will Actually Meet

You do not need to memorize hundreds of attack types. Focus on the ones that cause the most real-world damage to ordinary people.

Phishing

Phishing is a fake message — email, text, or DM — designed to trick you into clicking a malicious link, entering your password on a fake page, or handing over money. It is the single most common attack because it targets humans, not machines. Variants include spear phishing (a personalized message aimed at you specifically) and smishing (phishing by SMS text).

Defense: slow down, check the sender, never click links in unexpected messages, and go to websites directly instead.

Malware

Malware is "malicious software" — any program designed to harm or spy. Common types:

Virus / worm — code that spreads from file to file or device to device.
Spyware — secretly watches what you do and steals data.
Ransomware — locks your files and demands payment to unlock them.
Trojan — malware disguised as a legitimate app or download.

Defense: only install software from official sources, keep your operating system updated, and run reputable antivirus protection.

Weak and Reused Passwords

If you use the same password everywhere, one breached website hands attackers the keys to all your accounts. This technique is called credential stuffing — attackers take leaked passwords and try them on hundreds of other sites automatically.

Defense: unique passwords for every account (a password manager makes this painless) plus multi-factor authentication.

Social Engineering

This is the broad art of manipulating people rather than hacking machines. Someone might call pretending to be tech support, or impersonate your boss to rush you into wiring money. Phishing is one type of social engineering.

Defense: verify identity through a separate channel before acting on any urgent request involving money or access.

Data Breaches

A breach happens when a company you trusted gets hacked and your data leaks. You did nothing wrong, but your email, password, or card details may now be circulating online.

Defense: check whether your accounts have been exposed and change those passwords. You will learn exactly how in a later lesson.

The 80/20 of Staying Safe

Security can feel overwhelming, but a tiny number of habits stop the overwhelming majority of attacks. If you do nothing else, do these five things:

Use a password manager and unique passwords everywhere.
Turn on multi-factor authentication (MFA) on email, banking, and social accounts.
Keep software updated — updates patch the holes attackers exploit.
Think before you click any link or attachment in an unexpected message.
Back up your important files so ransomware cannot hold you hostage.

These five habits are worth more than any expensive product. Everything else in this course builds on top of them.

Using AI to Research Any Threat

The threat landscape changes constantly, so the most useful skill is knowing how to learn fast. AI is excellent for this. Open Claude or Gemini and try:

Explain "credential stuffing" to a complete beginner. Use a simple analogy, then list three concrete things I can do to protect my accounts against it.

Or, when you read a scary headline, paste it in:

I saw a news headline about a "zero-day ransomware attack." Break down each part of that phrase for someone with no security background, and tell me whether it affects an ordinary person like me.

For sourced, up-to-date information, use Perplexity, which searches the live web and cites its sources:

What were the most common cyber attacks against individuals in the past year? Cite recent reputable sources.

Always remember the course rule — AI advises, you verify — and check anything important against an official source like a government cybersecurity agency.

Your Homework for This Lesson

Pick the one threat from this lesson that worries you most. Ask ChatGPT: "Explain how [threat] works using a real-world story, then give me a 5-step checklist to protect myself against it." Save the checklist somewhere you will actually see it. You have just turned a vague fear into a concrete plan.

Key Takeaways

Most real-world damage comes from a few threats: phishing, malware, weak passwords, social engineering, and data breaches.
Phishing and social engineering target humans, not machines — slowing down is your best defense.
Five habits (password manager, MFA, updates, careful clicking, backups) stop the majority of attacks.
AI tools like Claude, Gemini, and Perplexity are excellent for researching and explaining any threat.
Verify AI explanations against official sources before relying on them.

Cybersecurity Threats 101

What You'll Learn

The most common cyber threats facing everyday people and small organizations
How each threat actually works, in plain language
The simple defenses that stop the majority of attacks
How to use AI to research any threat you encounter

The Threats You Will Actually Meet

You do not need to memorize hundreds of attack types. Focus on the ones that cause the most real-world damage to ordinary people.

Phishing

Defense: slow down, check the sender, never click links in unexpected messages, and go to websites directly instead.

Malware

Malware is "malicious software" — any program designed to harm or spy. Common types:

Virus / worm — code that spreads from file to file or device to device.
Spyware — secretly watches what you do and steals data.
Ransomware — locks your files and demands payment to unlock them.
Trojan — malware disguised as a legitimate app or download.

Defense: only install software from official sources, keep your operating system updated, and run reputable antivirus protection.

Weak and Reused Passwords

Defense: unique passwords for every account (a password manager makes this painless) plus multi-factor authentication.

Social Engineering

Defense: verify identity through a separate channel before acting on any urgent request involving money or access.

Data Breaches

A breach happens when a company you trusted gets hacked and your data leaks. You did nothing wrong, but your email, password, or card details may now be circulating online.

Defense: check whether your accounts have been exposed and change those passwords. You will learn exactly how in a later lesson.

The 80/20 of Staying Safe

Security can feel overwhelming, but a tiny number of habits stop the overwhelming majority of attacks. If you do nothing else, do these five things:

Use a password manager and unique passwords everywhere.
Turn on multi-factor authentication (MFA) on email, banking, and social accounts.
Keep software updated — updates patch the holes attackers exploit.
Think before you click any link or attachment in an unexpected message.
Back up your important files so ransomware cannot hold you hostage.

These five habits are worth more than any expensive product. Everything else in this course builds on top of them.

Using AI to Research Any Threat

The threat landscape changes constantly, so the most useful skill is knowing how to learn fast. AI is excellent for this. Open Claude or Gemini and try:

Explain "credential stuffing" to a complete beginner. Use a simple analogy, then list three concrete things I can do to protect my accounts against it.

Or, when you read a scary headline, paste it in:

I saw a news headline about a "zero-day ransomware attack." Break down each part of that phrase for someone with no security background, and tell me whether it affects an ordinary person like me.

For sourced, up-to-date information, use Perplexity, which searches the live web and cites its sources:

What were the most common cyber attacks against individuals in the past year? Cite recent reputable sources.

Always remember the course rule — AI advises, you verify — and check anything important against an official source like a government cybersecurity agency.

Your Homework for This Lesson

Key Takeaways

Most real-world damage comes from a few threats: phishing, malware, weak passwords, social engineering, and data breaches.
Phishing and social engineering target humans, not machines — slowing down is your best defense.
Five habits (password manager, MFA, updates, careful clicking, backups) stop the majority of attacks.
AI tools like Claude, Gemini, and Perplexity are excellent for researching and explaining any threat.
Verify AI explanations against official sources before relying on them.

Cybersecurity Threats 101

What You'll Learn

The Threats You Will Actually Meet

Phishing

Malware

Weak and Reused Passwords

Social Engineering

Data Breaches

The 80/20 of Staying Safe

Using AI to Research Any Threat

Your Homework for This Lesson

Key Takeaways

Quiz

Cybersecurity Threats 101

What You'll Learn

The Threats You Will Actually Meet

Phishing

Malware

Weak and Reused Passwords

Social Engineering

Data Breaches

The 80/20 of Staying Safe

Using AI to Research Any Threat

Your Homework for This Lesson

Key Takeaways

Quiz