Phishing or Fishing?
You get an email from Trev0r@heritagehl.com saying to click a link to verify payroll info.
What should you check first?
The email address — even one character off (like trev0r) can be phishing.
What type of malware locks your computer and demands payment?
Ransomware
Is “Heritage2025!” a strong password? Why or why not?
NO. It's based on the company and year making it easy to guess.
What is “tailgating” in cybersecurity?
When someone follows you into a secured building without a badge.
What’s the risk of posting your birthday or pet’s name online?
Hackers can use those as answers to security questions or to guess passwords.
An email says “Click here to claim your refund,” but you weren’t expecting one. What’s the red flag?
Unexpected reward or urgency — classic phishing tactic.
This type of malware hides inside something that looks safe, like a file or app.
Trojan Horse.
Why should you avoid using the same password across multiple sites?
If one site is hacked, all your accounts are at risk.
Someone calls pretending to be IT and asks for your login. What should you do?
Hang up and report it — IT will never ask for your password.
You tag your workplace, birthday, and favorite team in your bio. What’s the risk?
It makes it easier for hackers to guess security questions or impersonate you.
You hover over a link and see a weird web address that doesn’t match the company. What should you do?
Don’t click it — it’s likely a phishing link.
This malware tracks everything you type, including logins and passwords.
Keylogger.
What’s a safer alternative to memorizing complex passwords for every account?
Use a password manager or vault.
What’s “shoulder surfing”?
Watching someone type their password or view sensitive info over their shoulder.
Why is it risky to share your kids’ school name or vacation location on social media?
It gives strangers info about your habits and schedule, making you a target.
What’s “spear phishing”?
A targeted phishing attempt aimed at one specific person or role, like a manager or CEO.
What’s the difference between a virus and a worm?
A worm spreads on its own; a virus needs a host program to spread.
What does MFA stand for and why is it important?
Multi-Factor Authentication — adds an extra layer of protection beyond just a password.
You get an emotional message from a “friend” asking for money via Venmo. What might this be?
A social engineering scam using a hacked or fake account.
You post a photo of your desk with your monitor and ID badge visible. What’s the risk?
Sensitive information could be seen and misused (badge ID, screen info, etc.).
How can you report a suspected phishing attempt at work?
Forward to Aubrey, use a phishing report button/mark as spam, or report to a manager.
What is “ransomware as a service” (RaaS)?
Cybercriminals sell or lease ransomware tools to others — like a subscription crime model.
What’s one reason “P@ssw0rd!” is not a good password even though it looks complex?
It’s a commonly used pattern and easily cracked by hackers.
A hacker finds your job title, email, and coworkers' names on LinkedIn. What kind of attack could they plan using that info?
Spear Phishing Attack - send a fake but convincing email pretending to be a coworker or manager.
You post a picture of your airline ticket before a trip. What could go wrong?
Scammers can use the barcode or booking number to access your travel details — or even cancel or change your reservation.