Safety First
Gone Phishing
OIS Please
Password Puzzle
Name That Threat
100

According to Microsoft, enabling this simple feature for your accounts can block 99.9% of account takeover attacks

Multi-Factor Authentication (MFA) or Two-Factor Authentication (2FA)

100

What percent of cyber attacks begin with a phishing email?

80-90%

100

Everyone with a WBG email address is required to complete this, every year

Cybersecurity Awareness Course

100

Despite the obvious dangers, this self-evident password remains the most commonly used password in 2023

Password

100

These bad programs or codes are created with the intent to do harm to a computer, network or server

Malware

200

Setting these to install automatically is perhaps the most effective way to keep your device protected from malware

Updates

200

The goal of a phishing attack is to get the recipients to do one of these two things

Click a link or Download and Attachment

200

What does OIS stand for?

Office of Information Security

200

These virtual assistants create and remember your passwords, so that you don't have to

Password Managers

200

This highly effective type of attack doesn't involve sophisticated tools at all. Cybercriminals instead try to trick their targets into giving away sensitive information by pretending to be someone they are not

Social Engineering

300

When in doubt, reach out! Forward all suspicious messages sent to your WBG email to this address

infosec@worldbankgroup.org

300

Who's there? This rapidly emerging technology is supercharging phishing attacks by giving hackers a cheap and easy way to craft more professional, or more personal attacks by using tools such as deepfakes or voice cloning

Artificial Intelligence (AI)

300

This tool consisting of a set of buttons found at the top of your emails and Office documents, allows you to classify and protect WBG restricted information that you create

TagIt

300

These sentence-like sequences of words and characters are like passwords, but longer and more secure, while having the benefit of being easier to remember

Passphrase

300

Oh snap! Cybercriminals "like" using these popular public sites or apps for their attacks, as their targets tend to be less guarded when scrolling and posting

Social Media

400

When traveling, connect your laptop to the internet using this feature on your smartphone, instead of connecting to a risky public WiFi network

Hotspot

400

In this common phishing technique, the cybercriminal disguises an email address, display name, phone number, text message, or website URL to convince a target that they are interacting with a known, trusted source. This often involves changing just one letter, number, or symbol of the communication so that it looks valid at a quick glance

Spoofing

400

These special keys are needed to access WBG resources from a personal PC

YubiKey

400

You can use this website to find out if your password has been compromised in a major data breach

400

Backup or Pay-up. In this type of attack, cybercriminals infect a device or network, and then demand that the owner pay a fee for the return of the data

Ransomware

500

After purchasing a smart device that will connect to your home network (such as a router or home security system) immediately do this

Change default password

500

Go to this page on the Office of Information Security site to view real-life examples of phishing attacks on WBG staff

phishtank/

500

Go here on the OIS site to find more in depth stories, announcements and tips on cyberesecurity

Security Corner

500

This type of cyberattack occurs when the attacker uses a list of previously compromised credentials to find one that's been re-used for a targeted account

Credential Stuffing Attack

500
Phishing attacks that come by phone are referred to as either

Vishing or Smishing

M
e
n
u