Phishing & Social Engineering
Password Power
Device Defense
Cyber Hygiene Essentials
Recognizing Red Flags
100

This type of phishing attack uses a sense of urgency to trick you into clicking a link or providing personal information.

Phishing Emails
100

For security, it’s advised that you avoid using this type of personal information in your password, like your birthdate or pet’s name.

What is personal information?

100

One of the easiest ways to protect your devices is to keep this feature turned on to prevent unauthorized access if it’s lost or stolen.

What is locking your screen?

100

Regularly running this type of software on your computer helps detect and remove viruses and other malicious programs.

What is antivirus software?

100

One way to check if an email is truly from a legitimate sender within your company is to verify this part of the email address.

What is the domain (e.g., @company.com)?

200

When you receive an unexpected email asking for your login credentials, the safest first step is to do this.

Report using the phishing button.

200

This practice makes it much harder for attackers to access your account, even if they know your password

What is Multifactor Authentication? 

200

Before connecting your device to charge, it’s safest to use this type of USB port to avoid potential malware from unknown sources.

What is a trusted or personal USB port (like one on your own computer or charger)?

200

When visiting websites, look for this symbol in the browser's address bar to verify the site’s security before entering personal information.

What is a padlock icon?

200

If you receive an unexpected email from a colleague asking for sensitive information, it’s best to do this before responding.

What is confirm with the sender directly, using a known method like a phone call or in-person?

300

Before clicking on a link in an email, a good practice to check if it’s legitimate is to do this with your cursor.

Hover over the link to see the full URL

300

To create a strong password, it’s best to use a combination of these four types of characters.

What are uppercase letters, lowercase letters, numbers, and special characters?

300

Connecting to this type of network, commonly found in airports or coffee shops, can increase the risk of unauthorized access to your device.

What is public Wifi?

300

To reduce the chance of accidentally downloading malware, avoid clicking on these that often appear in pop-up ads or untrusted websites.

What are suspicious or "free download" links?

300

If an email claims to be legitimate but is missing the company's signature style or branding, it may be a sign of this.

What is a compromised or spoofed email?

400

When you receive an email from a familiar name, a quick way to check if it’s legitimate is to do this with the sender's email address.

What is check the full email address for unusual characters or misspellings?

400

This type of tool can help you securely store complex passwords without needing to remember them all.

What is a password manager?

400

To ensure that your device has the latest security protections, it’s important to regularly perform this action when prompted by your operating system.

What is updating or patching?

400

This practice ensures that sensitive data is not accessible to unauthorized users by removing unnecessary copies and files.

What is data sanitization?

400

If you’re on public Wi-Fi and notice unexpected redirects or login prompts for websites, it could be a sign of this type of cyberattack, where an attacker secretly intercepts your communication.

What is a Man-in-the-Middle attack?

500

Attackers often use public information from social media to craft targeted emails that seem personal and familiar. This is an example of which technique?

Social Engineering

500

This technique, which involves combining random words into a long but memorable phrase, is recommended for creating strong passwords.

What is using a passphrase?

500

This feature encrypts the data on your device, making it unreadable to unauthorized users if the device is lost or stolen.

What is device encryption?

500

This practice involves limiting the personal or work information you share on social media to reduce the risk of being targeted by social engineering attacks.

What is minimizing your "digital footprint"?

500

If you're unsure about an email’s legitimacy, a safe step is to compare the sender’s email details with previous verified communications or use this resource to confirm its authenticity.

What is reaching out to the IT or security team for verification?

M
e
n
u