Red Flags You Missed
Consequences You Faced
100

The email looks like it’s from your boss, using their name, but it asks you to buy gift cards immediately and send the codes to a personal email address. What unusual request should have made you suspicious?

The request to purchase gift cards, especially when combined with a demand for immediate action and sending the codes to a non-company email.

100

Because you gave your login details to a fake website, someone was able to access your online banking and transfer money out. What was the direct result of sharing that sensitive information?

Financial loss due to unauthorised access to your accounts.

200

This message about a problem with your online account includes a link and says, “act now or lose access!” What feeling is this message trying to create that should make you pause and think?

A sense of urgency or fear of missing out, which phishers often use to pressure people into acting without thinking.

200

After clicking a link in a suspicious email, your computer started running very slowly and displaying strange pop-up messages. What harmful thing might have been installed on your device?

Malicious software or a virus that can disrupt your device’s operation and potentially steal information.

300

You get an unexpected email from a company you do business with, but it addresses you with a general greeting like “Dear valued customer” instead of your name. Why is this impersonal greeting a potential warning sign?

Legitimate businesses you know usually personalise their communications with your name. A generic greeting can indicate a mass phishing attempt.

300

Falling for a scam where someone pretended to be tech support led to you giving them remote access to your computer. What serious risk did you expose yourself to?

The risk of having your personal files accessed, your information stolen, or even further malicious software installed.

400

The email promises you a large sum of money or a valuable prize if you click a link and provide some personal information. What common tactic is being used here to lure you in?

The promise of something too good to be true, often used as bait in scams.

400

Because you clicked on a link that looked like a login page for your work email, your company’s internal documents were accessed by unauthorised individuals. What kind of information was likely compromised?

Sensitive company data, which could include confidential projects, employee information or financial details.

500

This email pretends to be from a well-known delivery company and says you missed a package. It asks you to click a link to reschedule, but the link looks nothing like the real company’s website. What type of phishing tactics often uses fake delivery notifications?

Smishing or general phishing

500

Sharing personal information in response to a phishing message led to someone using your identity to open fraudulent accounts in your name. What is this serious consequence called?

Identity theft