Digital privacy: giving advice about online security
B2
90 min
Premium
1
Think about these questions before reading. Share your ideas with a partner.
How has your approach to sharing personal information online changed over the last few years?
If a less tech-savvy relative asked for your single most important piece of advice to stay safe online, what would you tell them and why?
To what extent should companies be responsible for protecting users' data, versus it being the individual's own responsibility?
2
Dodgy Email
Listen to the dialogue. Notice how the vocabulary and grammar from the lesson are used.
3
Key vocabulary
Vocabulary
These expressions will help you discuss digital privacy and online security more effectively.
Examples
Phishing scam — a fraudulent attempt, usually by email, to trick you into revealing personal information like passwords or bank details.
Usage note: This is a very common term. You can 'be targeted by' or 'fall for' a phishing scam.
To fall for something — to be deceived by a trick or lie and believe it is true.
Usage note: This is a common, informal phrasal verb. For example, 'I can't believe I almost fell for that fake text message from my bank.'
A red flag — a sign or signal that indicates a potential problem, danger, or something suspicious.
Usage note: We often say something 'raises a red flag'. For example, 'An email full of spelling mistakes should raise a red flag.'
To beef up security — to strengthen or improve security measures.
Usage note: This is a slightly informal but very common expression. You can 'beef up your passwords' by making them more complex, or a company can 'beef up its data protection'.
Better safe than sorry — an expression used to say it's wiser to be cautious than to take a risk that you might regret later.
Usage note: This is a common proverb used when giving advice. 'You should probably delete that email without opening it. Better safe than sorry.'
4
Complete the sentences with words from the box. One word is extra.
Word bank
01Many people receive emails that are part of a campaign designed to steal their login credentials.
02An email demanding immediate action and containing spelling mistakes should be a major .
03After the recent data breach, the company decided to its online security with new software.
04The scam was so convincing that even tech-savvy users might it if they weren't careful.
05Hackers often look for a in a system's code that they can use to gain unauthorized access.
5
Grammar: Mixed conditionals
Grammar
Mixed conditionals combine parts of different conditional types. We often use them to talk about a hypothetical past action and its result in the present, which is perfect for discussing the consequences of our online security choices.
Examples
If I had used a stronger password, my account wouldn't be at risk now.
This common structure (If + past perfect, would + infinitive) connects an imagined past action with a present result.
If you hadn't clicked on that suspicious link, you wouldn't be dealing with this identity theft issue today.
This is different from the third conditional, which has a past result (e.g., '...you wouldn't have installed the malware').
We would still have access to our files if the company had backed up its data properly last week.
The main clause (with 'would') can also come first. Notice the comma is not needed when the 'if' clause is second.
Key points
The 'if' clause describes an unreal past: If + past perfect (e.g., had listened).
The main clause describes an unreal present result: would + base verb (e.g., would know).
A common mistake is using 'would' in the 'if' clause. Always use the past perfect.
6
Spot the mistake
Read the sentences below. Each one has a single error related to grammar or vocabulary. Can you find and fix it?
Each sentence contains one error. Find and correct it.
01I can't believe he fell on that phishing scam; it was so obvious.
Corrected version
I can't believe he fell on for that phishing scam; it was so obvious.
02If I would have known it was a scam, I wouldn't have clicked the link.
Corrected version
If I would have had known it was a scam, I wouldn't have clicked the link.
03You really need to strong your passwords to beef up your security.
Corrected version
You really need to strong strengthen your passwords to beef up your security.
04That email is full with red flags; you should delete it immediately.
Corrected version
That email is full with of red flags; you should delete it immediately.
05It's better to be safe then sorry when you receive an unexpected attachment.
Corrected version
It's better to be safe then than sorry when you receive an unexpected attachment.
06I suggest to change your passwords every few months for better protection.
Corrected version
I suggest to change changing your passwords every few months for better protection.
07A urgent tone in an email from your bank is often a red flag.
Corrected version
A An urgent tone in an email from your bank is often a red flag.
7
Useful phrases: warning a friend about a potential online risk
Vocabulary
Imagine a friend is about to click a suspicious link or share too much information online. Here are some natural ways to warn them and offer advice without sounding alarming or critical.
Examples
"I'm not sure that's a good idea..." — to gently express doubt or concern
Register: informal/neutral. Use this to introduce your concern without being too direct. It invites the other person to ask 'Why?'
"That looks a bit dodgy to me." — to state that something seems suspicious or untrustworthy
Register: informal. 'Dodgy' or 'sketchy' are great natural words for this. Use it when something immediately feels wrong to you.
"If I were you, I'd steer clear of that." — to give strong, direct advice
Register: neutral/informal. 'To steer clear of something' means to avoid it. This phrase uses the second conditional, which is perfect for giving hypothetical advice.
"You could end up having your details stolen." — to explain a specific negative outcome
Register: neutral. This is a clear and factual way to state the potential consequences, making your advice more persuasive.
"Why don't you just delete it?" — to suggest a simple, safe course of action
Register: informal/neutral. This is a common, friendly way to make a suggestion. It's less forceful than a command like 'Delete it'.
"It's always best to err on the side of caution." — to summarise your advice with a general rule
Register: neutral. This is a slightly more formal way of saying 'Better safe than sorry'. It means it's wiser to be careful than to take a risk.
8
Choose the best answer for each question about online security.
01Your friend receives an email claiming they've won a lottery they never entered. What would be the best advice to give them?
02What is the primary purpose of enabling two-factor authentication (2FA)?
03If a company announces it has experienced a 'data breach', what has most likely happened?
04Which of the following is NOT a recommended practice for creating a strong password?
9
A close call online
Read the passage below, then answer the comprehension questions.
My friend Alex recently received a direct message on social media from what looked like his favourite clothing brand, announcing he'd won a prize. The message asked him to click a link to claim it. He almost fell for it, but one detail seemed off: the brand's name was slightly misspelled in the sender's username. That was the red flag he needed. It was a classic phishing scam designed to steal his login credentials. If he hadn't been paying close attention, he would have clicked the link without a second thought. The experience prompted him to beef up his security across all his accounts, enabling two-factor authentication everywhere he could. As he told me later, when it comes to online accounts, it's always better safe than sorry. A free t-shirt isn't worth the risk.
01What was the main purpose of the fraudulent message Alex received?
Sample answerThe purpose was to steal his login information through a phishing scam.
02What specific detail made Alex suspicious of the message?
Sample answerHe noticed that the brand's name was misspelled in the sender's username.
03According to the passage, what action did Alex take after this incident?
Sample answerHe decided to improve his online security by enabling two-factor authentication on his accounts.
04What can be inferred about Alex's attitude towards online security before this event?
Sample answerIt can be inferred that he might have been less cautious before, as the experience prompted him to improve his security measures.
10
Discuss these questions with a partner. Try to use vocabulary from the lesson.
Imagine a friend or family member in your country fell for a phishing scam. What do you think the common reaction would be — sympathy, or a feeling that they should have known better? How does this cultural attitude affect how openly people discuss online security?
To what extent should individuals be willing to sacrifice convenience to beef up their online security? Is the 'better safe than sorry' approach always practical, or is there a point where security measures become too burdensome for everyday life?
If you were designing a public awareness campaign about online security, what are the top three red flags you would teach people to spot? How would you present this information to ensure even less tech-savvy people wouldn't fall for a scam?