Cyber Sleuth: Which DMs Can I Trust?

Can you identify which direct messages (DMs) from a cell phone may pose a security risk and explain why?


STEM careers

Grade level


Per Individual or Team


Cybersecurity is critical in order to combat increasingly sophisticated threats to ordinary citizens who use cell phones for written communications and social media—which is to say, most of us. Students may not realize the degree to which they too are at risk; why would a criminal after big money bother to install ransomware on their phones? But there are many reasons for malicious actors to infiltrate social media besides money (collecting private information, sending users to a fake login landing page, using the cell phone to infect other users’ phones and computers, to name a few). Cyber threats succeed in part because users don’t know what to look for; in reality, cyber criminals unintentionally present clues.

This activity provides practice and improves students’ ability to recognize when a DM that appears on their phones is a potential security threat.

Success Criteria:

  • List as many clues as possible that indicate a security risk in each DM.
  • Describe practices to protect against each of the the threats identified.


  1. Share this challenge with students:
    Your young cousin is excited about getting their first cell phone! They are active on many social media platforms and are constantly using their new cell phone to check favorite sites, post photos and videos, and share information with their many friends and followers. Lately, though, they have begun to feel a little uneasy. They wonder if there might be something fishy about some of the DMs they’ve been receiving. They ask you to take a look and tell them if you think something is suspicious about the DMs too.
  2.  Have a conversation to get students thinking about their own experiences with cyberattacks:
    • What are some of the scams you’ve heard about that can happen via social media platforms?
    • Have you ever gotten a weird feeling about a DM on your phone? What made you wonder if it was suspicious?
    • When you join a social media platform, do you ever read the information provided about what to expect in terms of being contacted? Have you read the lists of what the DM apps will never ask by contacting you directly?
  3. Go over the success criteria. Divide the students into teams of 2–4 to examine the Which DMs Can I Trust Student Handouts together.
  4. Distribute the list of cyberattacks and preventive measures (in the student handout). Tell students that cybercriminals are called bad actors in the world of cybersecurity, and the students’ job is to outwit the bad actors who are attacking Company X. To begin, ask students to read the descriptions of various kinds of cyberattacks (located on the Handout: Stop the Cyberattacks!).
  5. Ask teams to talk through the list of attacks with each other to make sure they understand how each attack works. As needed, answer questions and clear up any confusion.
  6. Tell teams to read the list of preventive measures (located on the Handout: Stop the Cyberattacks!). First, they should work independently to match potential solutions with attacks. Then tell them to compare notes and discuss differences in opinion. Provide the following hints:
    • The prevention should thwart the goal of the attack.
    • Some preventions work for more than one kind of attack.
    • Some attacks require more than one prevention.
  7. Have the teams share their results, including their reasoning. Next to each attack, list the solutions the teams came up with.
  8. Acknowledge that the solutions are not necessarily obvious, but applying reasoning is a good first step in making the choice an expert would. Then make corrections or additions to the solutions the students came up with and explain why; use the answer sheet as needed.
  9. Ask students which types of cyberattacks were new to them. Which ones do they think are the most dangerous? What steps will they take to protect their own computers and data?

Engineering & science connections

  • Did you know some people spend their whole career on cybersecurity? Cybersecurity engineers, sometimes called information security engineers, identify threats and vulnerabilities in networks, computers, and software. They help recover information from and secure systems that have been compromised, as well as developing high-tech solutions to defend against hacking, malware and ransomware, identity theft, and other types of cybercrime. If you like doing puzzles and working with computers, this could be a great job for you.
  • The Internet of Things (IoT) describes the network of physical objects—“things”—that are embedded with sensors, transceivers, software, and other technologies for the purpose of connecting and exchanging data with other devices and systems over the Internet. The more devices are connected via the Internet, the more loT attacks occur because there are so many weaknesses that provide entry points. From one entry point, the attacker gains access to the other connected devices—cell phones, laptops, smartwatches, smart thermostats, garage door opener apps, to name a few. Then they can target the student on a cell phone with fake websites and DMs. More than half of loT devices are vulnerable to attacks! The FBI reported a 300% increase in reported cybercrimes during the COVID-19 pandemic because people were working from home and the scams proliferated.

This activity was created in partnership with Northrop Grumman Foundation.


  1. Claire

    I was hoping to use this activity but I can’t find all of the handouts – stop the cyberattacks sheet.

    • Thea Sahr

      Hi Claire – The student handouts are in the material section and linked to in the instructions section. Anything you see in green on our website is a link. Sorry if that wasn’t clear.

  2. Cisco Velasquez

    I cannot find the link for the “Stop the Cyberattacks!” handout anywhere on this page.

    • Pedro Razo

      Hi Cisco- The student handouts are in the material section and linked to in the instructions section. Anything you see in green on our website is a link.


Submit a Comment

Your email address will not be published. Required fields are marked *