Digital Literacy
Lessons
-
Digital Mindset, Device Hygiene & Wellbeing
-
Accounts & Cloud Basics (Sign-in, Sync, Backups)
-
File Management & Naming (Folders, Versions)
-
Docs for Writing & Collaboration
-
Sheets for Data Basics (Tables, Formulas, Charts)
-
Slides for Clear Presentations (Design & Delivery)
-
-
Calendar & Scheduling (Time Blocks, Reminders)
-
Online Safety & Professional Identity (Phishing, Permissions, Footprints, Profile)
-
Search Skills & Source Evaluation (Fact-check, Cite)
-
Collaboration & Permissions (Sharing, Version Control)
-
Workflow with AI Assistants (Attempt → Hint → Verify → Produce)
Online Safety & Professional Identity (Phishing, Permissions, Footprints, Profile)
Lesson
9
Why This Lesson Matters
One wrong tap can cost money, files, or your reputation. Most scams today arrive as messages you trust—a parcel notice, a “bank alert,” a job offer, a QR request from a “friend.” At the same time, opportunities arrive online too: a teacher checks your portfolio, a manager scans your profile, a client Googles your name. This lesson protects both sides of your digital life: safety (phishing, permissions, and account security) and professional identity (a clean, simple profile that earns trust).
In Sri Lanka, many learners are mobile-first and share devices at labs or print shops. That makes permissions hygiene, 2FA, and PDF discipline even more important. Your goal here is calm: know how to spot a trap, and know how to present yourself professionally.
“If a message pushes you to hurry, slow down.”
Step 1: Phishing Sense—Verify in Your Own Way
Phishing works by borrowing trust. The logo looks familiar; the name looks right; the link looks almost right. Train one reflex: don’t prove the sender right—prove them wrong. You do this by verifying in your own way.
Your 10-second check:
Name check: Is the sender exactly who you expect, or “close enough”?
Link check: Long-press to preview. Do not tap. Real addresses are clean; fakes are long or misspelled.
Ask yourself: “Who benefits if I act fast?” If the answer is “they do,” pause.
Use the official path: Open the bank/shipping app yourself or type the known website, don’t follow the link.
Never share OTP/PIN/recovery codes with anyone. Banks and platforms never ask for OTP by chat or call.
“Trust your habits, not their urgency.”
The Golden Rule
Attempt → Hint → Verify → Produce also protects you online. Attempt = pause and think. Hint = check a second source. Verify = official app/site. Produce = only then act.
Step 2: Permissions Hygiene—Least Access, Least Noise
Your phone knows a lot. Apps ask for camera, mic, location, contacts, notifications, files—often more than they need. Give minimum necessary access and review often.
Do this monthly:
Camera/Mic: allow While using the app (rarely Always).
Location: most apps don’t need it; set Don’t allow or While using.
Files/Photos: prefer Selected photos or Add files instead of full library.
Contacts/SMS/Call logs: usually No unless it’s your dialer/messenger.
Notifications: silence promos; keep only calendar, banking, reminders.
On shared PCs, assume the machine remembers. Use Guest/Incognito, download PDFs only, sign out, clear Downloads, close the window.
Step 3: Two-Factor Everywhere That Matters
You enabled 2FA for your cloud in Lesson 2. Extend it to email, messaging, social, and finance apps. Store backup codes in Assets/Security and on paper at home. If a SIM is replaced or a phone is lost, these codes are your lifeline.
If you receive a “security alert,” don’t click the link inside. Open the official app and check Security → Recent activity. If something is wrong, change your password and sign out of other sessions.
Step 4: Footprint Sweep—Clean What Google Shows
Type your name + city/school into a search engine. Open the first 2–3 pages of results.
Old posts/photos: if public and unhelpful, set to Private or remove.
Tags: untag yourself where appropriate; ask friends politely to remove or hide.
Usernames: if handles are unprofessional, switch to real-name or initial-based handles for learning/work accounts.
Bio lines: update to a short, positive line (“O/L student | Budgets & biology | Building a study portfolio”).
A clean footprint helps teachers, interviewers, and customers see your best work first.
Step 5: Build a Simple Professional Profile (Public or Private)
You can use LinkedIn or create a Professional Profile Doc inside your portfolio (for those who prefer privacy). Start small and clean:
Three parts only (to begin):
Photo: clear, front-lit head-and-shoulders (no heavy filters).
Headline: who you are + what you do (or seek).
50-word bio: what you’re learning, what you’ve built, and what you want next.
Example 50-word bio: “I’m an O/L student interested in data and community projects. I track weekly budgets in Sheets, write one-page briefs, and present 5-slide summaries. I’m building a digital portfolio with Idasara and seeking part-time roles in admin or tutoring. Reliable, on time, and eager to learn.”
Add 3 skills (e.g., Docs, Sheets, Slide decks), 1–2 artifacts (view-only links to your Brief_v3 or Mini-Deck), and a contact method (email). Keep the rest private until needed.
Bad vs Better — Identity & Safety
Item | Bad | Better |
Messages | Tapping unknown links | Opening official app/site yourself |
OTP | Sharing with “support agent” | Never share; enter only in official app |
Permissions | “Allow all, always” | Minimum access; monthly review |
Profiles | No photo, vague bio | Clear headshot, 50-word bio, 3 skills |
Links | Editable masters | View-only PDFs + clean link |
Usernames | Nicknames everywhere | Real-name handle for study/work |
Step 6: Common Scenarios (Sri Lanka-ready)
Parcel/Customs scam: A message says “pay small fee to release parcel.” Don’t click. Use the courier’s official app/site or ignore.
Job offer scam: Requests upfront payment or asks you to move to a private chat immediately. Real jobs don’t charge fees.
Friend asks for QR/OTP: Call them. Accounts get hijacked; voice-verify before you pay or share codes.
Campus Wi-Fi: Treat as public. Avoid banking; use a VPN if possible; prefer mobile data for sensitive work.
Print shops: PDF only; sign out; clear Downloads.
“When in doubt, verify out of band—through a different channel you control.”
Step 7: Save Help Before You Need It
Create a small note called Emergency Contacts (Doc) with:
Your bank hotline, mobile operator, and device serial numbers
Steps to freeze cards and log out of sessions
Your backup codes location (not the codes themselves)
Store it in Assets/Security and share a printed copy with a trusted adult.
Essentials vs Nice-to-Have
Essentials (today) | Nice-to-Have (later) |
2FA on major accounts | Password manager for all sites |
Permissions review monthly | Separate “creator” and “personal” social accounts |
Footprint sweep | Custom domain for portfolio |
Professional photo + 50-word bio | Simple personal site (1-page) |
View-only links to artifacts | Watermark on public PDFs (if needed) |
Exercises: Make It Real
Exercise 1 — Safety Checklist (20–25 min)
Turn on 2FA for email + cloud + at least one social.
Review permissions for top 10 apps (camera/mic/location/files/notifications).
Save bank/operator hotlines; write where backup codes are stored.
Screenshot: 2FA enabled, permissions screen, and “Find My Device” on.
Exercise 2 — Footprint Sweep (15–20 min)
Search your name + city/school.
Make three changes (e.g., set old album to Private, update bio, remove an unwanted tag).
Capture before/after notes.
Exercise 3 — 50-Word Bio + Headline (15 min)
Write your headline and 50-word bio.
Add 3 skills and 2 artifact links (view-only) from your portfolio.
Either publish to a profile or save as Professional Profile (Doc).
Exercise 4 — Red-Flag Drill (10 min)
Paste a fake message you recently saw into a Doc (remove names).
Under it, write 3 red flags and how you would verify safely next time.
Quick Win Turn off promotional notifications for shopping and social apps now. Your attention is your best antivirus.
Artifact to Produce
Safety Checklist (Doc + screenshots) showing:
2FA on, 2) permissions review done, 3) Find My Device on, 4) hotlines saved (blur sensitive data).
Profile Snapshot/Link: either a link to your public profile or a PDF export of your Professional Profile (Doc) with photo, headline, 50-word bio, 3 skills, and 2 artifact links.
Save exports in Outputs: YYYY-MM-DD_Safety-Checklist_V1.pdf YYYY-MM-DD_Professional-Profile_V1.pdf (if using the Doc route)
Self-Verification (SV) Checklist
2FA enabled on email + cloud (+1 social)
Backup codes stored (PDF + paper)
Permissions trimmed (camera/mic/location/files/notifications)
Find My Device on; device visible in account
Emergency Contacts note created (without sensitive codes)
Footprint sweep completed; 3 improvements made
Professional photo added (clear head-and-shoulders)
Headline + 50-word bio written and saved
3 skills + 2 artifacts linked as view-only
Safety Checklist and Profile Snapshot/Link exported to Outputs
Mobile Tip (Android & iOS)
Permissions: Settings → Privacy → Permission Manager (Android) / Settings → Privacy & Security (iOS). Review Camera, Microphone, Location, Photos, Contacts, Bluetooth.
2FA: Prefer Authenticator app over SMS when possible.
Profile photo: Face the light (window), neutral background, crop square, check in PDF preview.
View-only links: From Drive, Share → Viewer; test link in Incognito before sending.
Stuck? Fast Fixes
Clicked a bad link? Turn on Airplane mode; don’t enter data. Open the official app separately, change your password, and sign out of all sessions.
Shared OTP by mistake? Call bank/operator to block services; change passwords; check Recent activity.
Can’t remove old content? Set to Private, untag yourself, or replace with a newer post.
Too many friend requests? Lock down privacy; only accept people you know; switch to a professional profile for public updates.
Common Roadblocks (and simple fixes)
If you still get hooked by urgent messages, pre-write a pause sentence in your notes: “Thanks—I'll check via the official app.” Paste that instead of tapping the link. If your profile feels empty, start with one artifact (your Brief_v3 PDF). Quality beats quantity. If managing multiple identities is confusing, keep one private personal account and one professional profile—do not mix.
“Safety is a habit. Professionalism is a habit. Build both, one small setting at a time.”
Keeping Yourself Motivated
You’ll feel lighter the moment you trim notifications and turn on 2FA. You’ll feel proud when your search results show a clean, simple profile and a real artifact you made. Add two lines to your portfolio README: “2FA + permissions audit done,” and “Published a 50-word bio with two artifacts.” These aren’t just settings; they’re signals that you’re ready for trust and opportunity.
Your First Step Is Complete
You can now spot phishing, limit permissions, lock accounts with 2FA, clean your footprint, and present a professional identity. Your Safety Checklist and Profile Snapshot/Link are saved in Outputs, and your online life is both safer and clearer.