Phishing
Passwords
Threats
Adversaries
Lucky Dip
100

An online scam which aims to steal personal information through deceptive messages.

What is Phishing?

100

An application used to store and generate strong passwords for multiple accounts.

What is a Password Manager?

100

Attempting to gain unauthorized access to a computer system or application, to disrupt, damage or steal.

What is Hacking?

100

Hackers motivated by financial gain, often utilising Phishing, Ransomware, and exfiltration of data.

What is a Cyber-criminal?

100

Open-source Intelligence

What is OSINT?

200

A feature in Outlook used to report suspicious emails to IT and remove them from an inbox.

What is the Phishing Alert Button (PAB)

200

Length, randomness, uniqueness

What makes a password strong?

200

Malicious software designed to harm or exploit any programmable device, service or network.

What is Malware?

200

A government-sponsored group that conducts cyber espionage and attacks.

What is a Nation-state actor?

200

A copy of data used for recovery in case the original data is lost or corrupted.

What is a Backup?

300

A security feature designed to block potentially malicious emails and allow them to be inspected.

What is Quarantine?

300

A password made up of a series of ideally random words.

What is a Passphrase?

300

Malware designed to replicate itself and spread from one device to another, often causing widespread damage.

What is a Virus/Worm?

300

A group or individual who attacks systems for political or social reasons, often to bring attention to a cause.

What is a Hactivist?

300

An additional layer of security that requires 1 or more factors in addition to a password to sign into an account.

What is Multi-factor Authentication?

400

A type of cyber attack where attackers use fraudulent QR codes to trick victims into visiting malicious websites or downloading harmful software.

What is Quishing?

400

Using a leaked username and password from one account to attempt to access other accounts.

What is Credential stuffing

400

An incident where sensitive information is accessed or disclosed without authorization, often involving personal, financial, or corporate data.

What  is a Data breach

400

A group or individual who engages in cyber attacks for ideological, religious, or political reasons, sometimes with extreme motivations.

What is a Cyber-Terrorist?

400

Something you know, something you have, something you are

What are the categories of security factors?

500

A Phishing attack which targets high level executives or important individuals within an organisation.

What is Whaling?

500

A method used by attackers to crack passwords by systematically entering every word in a pre-defined list (or "dictionary") of likely passwords. Such lists consist of millions of genuine passwords from data breaches.

What is a Brute force/Dictionary attack?

500

Malware designed to encrypt data, making it unusable to its owner, in order to demand a payment to release the decryption key.

What is Ransomware?

500

A current or former employee with access to an organization's systems and data.

What is an Insider Threat?

500

The process of converting information or data into an unreadable code, especially to prevent unauthorised access.

What is Encryption?