Think Like an Attacker. Respond Like a Defender.

Spot the Red Flags

Read the email carefully. Click anything that seems suspicious. Some clues are obvious, but others require closer attention.

Decision-Based Cybersecurity Scenarios

Read each scenario, decide what you would do, then open the answer to check your response.

MFA Code Request

A caller claiming to be IT asks for the MFA code that just appeared on your phone.

Reveal safest response

Hang up and contact the official help desk.

Never share MFA codes. Real IT should not ask for passwords or verification codes.

Fake Payroll Email

An email says your direct deposit information must be updated before the end of the day.

Reveal safest response

Go directly to the official payroll portal.

Do not use unexpected email links for financial or employee account updates.

Suspicious Attachment

An unknown sender sends an attachment named Invoice_Review.pdf.exe.

Reveal safest response

Do not open it. Report it as suspicious.

Executable files disguised as documents can install malware.

CEO Gift Card Request

A text from someone claiming to be your CEO asks you to buy gift cards urgently.

Reveal safest response

Verify through a known company contact method.

Attackers use authority and urgency to pressure people into quick action.

QR Code Login

A QR code in the office says employees must scan it for mandatory training.

Reveal safest response

Use the official training portal instead.

QR codes can lead to fake login pages designed to steal credentials.

Tech Support Pop-Up

A browser alert says your computer is infected and gives you a number to call.

Reveal safest response

Close the tab and contact official support if needed.

Fake support pop-ups use fear to trick users into calling scammers.

Shared Document Link

A document-sharing email opens a login page with an unfamiliar URL.

Reveal safest response

Check the sender and URL before logging in.

Fake document pages are common credential theft tools.

Social Media Impersonation

A friend messages you asking for a verification code sent to your phone.

Reveal safest response

Verify with your friend through another method.

Verification codes should never be shared, even with people you know.

Fake Job Offer

A recruiter asks for your SSN and banking information before a formal interview.

Reveal safest response

Research and verify the company first.

Fake job scams exploit urgency and hope in order to collect sensitive data.

USB Drive Found

You find a USB drive labeled “Executive Salaries” in the parking lot.

Reveal safest response

Give it to IT or security without plugging it in.

USB baiting relies on curiosity and can install malware.

Cybersecurity Knowledge Quizzes

Choose a quiz below. For each question, click the answer you think is correct.

Quiz 1: Phishing Awareness

1. Which is the strongest sign of a phishing email?

A. Professional logo

Not quite. Logos can be copied easily.

B. Urgent request for login credentials

Correct. Urgency plus credential requests are major phishing indicators.

C. Friendly greeting

Not quite. A friendly tone alone does not prove phishing.

D. Short message

Not quite. Short messages can be legitimate.


2. What should you do before clicking a link in an unexpected email?

A. Click quickly

Incorrect. Acting quickly is what attackers want.

B. Reply to the sender

Incorrect. Replies can confirm your account is active.

C. Check the sender and URL

Correct. Always verify the sender and destination before interacting.

D. Forward it to friends

Incorrect. This can spread the threat.


3. A fake login page is mainly designed to steal what?

A. Screen brightness

Incorrect.

B. Credentials

Correct. Fake login pages capture usernames, passwords, and sometimes MFA codes.

C. Keyboard settings

Incorrect.

D. Browser theme

Incorrect.


4. Which email attachment is most suspicious?

A. invoice.pdf.exe

Correct. The final .exe extension marks the file as an executable, which can run code and may install malware.

B. notes.txt

Less suspicious than an executable file.

C. photo.jpg

Less suspicious, though unexpected files should still be verified.

D. calendar.ics

Less suspicious, though still verify unexpected invites.


5. What is sender spoofing?

A. Encrypting email

Incorrect.

B. Making an email appear to come from someone trusted

Correct. Attackers spoof senders to exploit trust.

C. Deleting spam

Incorrect.

D. Updating a password

Incorrect.

Quiz 2: Social Engineering Psychology

1. Why do attackers use urgency?

A. To help users think slowly

Incorrect.

B. To pressure quick decisions

Correct. Urgency pushes people to act emotionally instead of carefully.

C. To improve grammar

Incorrect.

D. To reduce risk

Incorrect.


2. Authority bias means people are more likely to trust:

A. Random strangers

Incorrect.

B. Someone who appears powerful or official

Correct. Attackers often impersonate executives, IT staff, banks, or agencies.

C. Long passwords

Incorrect.

D. Old software

Incorrect.


3. Which emotion is commonly exploited in tech support scams?

A. Fear

Correct. Fake virus warnings use fear to make users call scammers or download tools.

B. Boredom

Incorrect.

C. Nostalgia

Incorrect.

D. Relaxation

Incorrect.


4. Curiosity is exploited when attackers:

A. Offer boring instructions

Incorrect.

B. Label a file or USB drive with tempting information

Correct. Curiosity can lead users to open unsafe files, links, or devices.

C. Delete messages

Incorrect.

D. Use plain text only

Incorrect.


5. Social engineering succeeds because it targets:

A. Only firewalls

Incorrect.

B. Human decision-making

Correct. Social engineering manipulates trust, emotion, and behavior.

C. Screen size

Incorrect.

D. Printer speed

Incorrect.

Cybersecurity Vocabulary Challenge

Read each real-world scenario and choose the cybersecurity term that best matches the description. Select an answer to receive immediate feedback.
