You find a sticky note under your coworker's keyboard with "Admin123!" written on it. What's the first thing wrong here?
Password is written down in plain sight (also: weak password, likely shared account)
You get an email from "microsoftsupport@outlook-secure.com" asking you to verify your account. What's the red flag?
Domain is suspicious - not from official @microsoft.com domain
You're at a coffee shop and see two networks: "Coffee_Shop_WiFi" and "Coffee Shop Free WiFi". Which is safer to join?
Neither until you ask the staff - one could be an evil twin attack
Someone calls your office claiming to be from IT and asks for your password to "fix a problem." What do you do?
Never give your password - IT should never ask for it. Hang up and call IT directly.
You're selling your old laptop on Facebook Marketplace. What must you do before handing it over?
Factory reset/wipe the hard drive completely (or use secure erase tools)
Your friend uses "Volleyball2024!" for their email, Instagram, bank, and school portal. What should they do differently?
Use unique passwords for each account.
Your "bank" emails you about suspicious activity with a link. What should you do instead of clicking?
Go directly to the bank's website or app yourself, or call the official number
You're connected to airport Wi-Fi and need to check your bank account. What should you do first?
Use a VPN, or wait until you're on a trusted network
You get a friend request on Facebook from your best friend, but you're already friends with them. What's happening?
Someone cloned their account (possibly to scam their friends) - report it and tell your friend
Your phone is stolen at a concert. What's the first thing you should do remotely?
Use Find My iPhone/Android Device Manager to lock and/or wipe it
A website you're signing up for rejects your password "My$ecureP@ss2024". What security feature is this site likely missing?
They have a password length limit, which is not very secure...
You receive a text: "Package delivery failed. Confirm address: [link]" but you haven't ordered anything. Your roommate might have though. What do you do?
Ask your roommate first, then check the official shipping company's website/app directly - don't click the link
Your neighbor offers you their Wi-Fi password since "they're not using all the bandwidth anyway." What are two reasons this is risky?
They could see your traffic/activity, and you could be blamed for anything illegal they do
A person in a delivery uniform follows you into your secure office building carrying packages. They don't badge in. What should you do?
Politely ask them to check in at reception/security desk (tailgating is a common physical security breach)
You're working on a confidential document at a café. Someone asks if they can sit at the empty chair at your table. What should you consider?
Shoulder surfing risk - they could see your screen. Use a privacy screen or reposition yourself
You receive an email: "Your password will expire in 24 hours. Click here to reset." Your company doesn't have password expiration policies. What do you do?
Report it as phishing - don't click the link, verify through an official channel
An email from your "boss" at 2am asks you to urgently buy gift cards for a client and send the codes. The email address looks correct. What's suspicious?
Unusual request, odd timing, urgency/pressure, and payment method
You notice your home Wi-Fi is named "NETGEAR" with the default password still set. Why is this dangerous?
Default credentials are publicly known - anyone can look them up and access your network
You find a USB drive in the parking lot labeled "Employee Salaries 2024." What should you do?
Don't plug it in! Turn it in to security - it could contain malware (this is called a "USB drop attack")
Your company uses Google Drive to share documents. A coworker sends you a link set to "Anyone with the link can edit." What's the risk?
If the link leaks, anyone (even outside the company) can access and modify the document
A colleague says they use "correcthorsebatterystaple" as their password and refuses to add special characters. Are they wrong?
No - length and randomness matter more than complexity; this is actually a strong password (16+ characters, unpredictable words)
You get a LinkedIn message from a recruiter at Google offering an interview. Their profile looks legitimate with 500+ connections. What should you verify before responding?
Check if the profile is newly created, verify connections are real people, search for the person on Google's actual site, or reach out through official Google careers channels
You're setting up a home router and it asks if you want to disable WPS (Wi-Fi Protected Setup). Should you disable it? Why?
Yes - WPS has known vulnerabilities that make it easier to crack Wi-Fi passwords, even strong ones
You receive a voicemail from "Amazon Security" saying your account has been charged $799 for an iPhone. Press 1 to dispute. The caller ID shows an Amazon number. What's the attack?
Vishing (voice phishing) with caller ID spoofing - hang up and check your Amazon account directly
You need to send your Social Security number to your new employer's HR. They request it via email. What's the safer alternative?
Use a secure file sharing system, encrypted email, or deliver it through their secure HR portal - never plain email