OIT Security Awareness Booth
Which of the following options is the most effective way to improve email phishing security? A. A phishing test B. A corporate firewall C. Two-factor authentication D. A virtual private network
A. A phishing test
The best way to avoid phishing is to A. Be skeptical about any online requests for personal information. B. Stay off social media. C. Not share your email address. D. Use the same password for all accounts.
A. Be skeptical about any online requests for personal information.
How many phishing emails are sent every day globally? A. Billions B. Millions C. Thousands D. Hundreds
A. Billions
A Spam email is a message you haven't asked for, which might try to sell you something, and has been sent to lots of people at the same time. A. True B. False
A. True
Phishing attacks vastly outnumber zero-day attacks. A. True B. False
A. True
Which is NOT a phishing feature? A. Sense of urgency B. Addressed to you C. Link to website D. Generic greeting
B. Addressed to you
If you receive a message that your computer has a virus, you should: A. Download the fix immediately! B. Be suspicious because they can't tell if your computer has a virus. C. Send them your credit card information right away to get help!
B. Be suspicious because they can't tell if your computer has a virus.
How often should you change your password? A. Everyday B. Every 3 months C. Every 10 years D. Never
B. Every 3 months
Who are the targets of whaling phishing attacks? A. Intro-level employees B. Executives C. Middle management D. IT professionals
B. Executives
Phishing is... A. Using a fishing pole to catch fish. B. Luring someone into giving out private information. C. Pretending to be someone you're not. D. Being at high risk of attack or harm
B. Luring someone into giving out private information.
What can happen if you click on a phishing email link or attachment? A. The email sender could gain access to company systems. B. The email sender could steal your personal information or company information. C. The email sender could distribute malware into the company network. D. All of the above
D. All of the above
What personal information might a phisher try to trick you into revealing? A. Credit card numbers B. Login and password information C. Social Security number D. All of the above
D. All of the above
Which of the following practices should IT employ for an email phishing test? A. Include executives and management B. Mimic the tactics of typical phishing attacks C. Extract as much user data as possible D. All of the above
D. All of the above
Why do I need to watch out for phishing emails? A. For personal safety and security. B. To protect your identity and sensitive information. C. To prevent being duped and falling for scams. D. All of the above.
D. All of the above.
What are the most common signs of phishing scams? A. Nice graphics and layout B. Contains personal information C. Proper spelling and grammar D. Unknown sender, sense of urgency, unexpected attachment, or too good to be true
D. Unknown sender, sense of urgency, unexpected attachment, or too good to be true
What is the most common way to receive a phishing scam? A. Text message B. Email C. Downloading films D. Unsafe websites
D. Unsafe websites
Why would people who send phishing emails be excited about a natural disaster or health scare? A. If people are distracted by a hurricane or a flu pandemic, they might be less likely to read emails carefully. B. Phishers often take advantage of current events, such as natural disasters, health scares, or political elections, and send messages with those themes to play on people's fears. C. Phishing emails reach more people if they are worried about the weather. D. If people go without power due to a storm or other natural disaster, they will be excited about communication being restored and they will respond to the emails they receive once power is back.
B. Phishers often take advantage of current events, such as natural disasters, health scares, or political elections, and send messages with those themes to play on people's fears.
Which of the following should you NOT do in response to an email scam? A. Tell your parents B. Reply to the email C. Report the email as spam D. Delete the email
B. Reply to the email
What is phishing? A. Scams through websites B. Scams through emails C. Scams through phone calls D. Scams through text messages
B. Scams through emails
What is a phishing attack called when it is designed to look like an email from a user's superior within the organization? A. Whale phishing B. Spear phishing C. Deceptive phishing D. In-session phishing
B. Spear phishing
How can a person executing a phishing attack steal someone's identity? A. They pretend they are someone else when emailing phishing messages, so that's like stealing an identity. B. They ask for personal information on a webpage or pop-up window linked from the phishing email, and they use the information entered to make illegal purchases or commit fraud. C. They send a request for the recipient's driver's license and credit cards. D. They ask for money to purchase your ID on the black market.
B. They ask for personal information on a webpage or pop-up window linked from the phishing email, and they use the information entered to make illegal purchases or commit fraud.
What happens if you click on a phishing email link or attachment? A. Browser/app is closed without any prompt. B. You are redirected to a website that asks you to enter sensitive information or directs you to download an attachment. C. You get an error page on the screen. D. None of the above
B. You are redirected to a website that asks you to enter sensitive information
What is spear fishing? A. A type of phishing that involves vacation offers B. A type of phishing that promises a large reward C. A type of phishing that targets specific groups of people in an organization. D. A type of phishing that lures the recipient in with a fun offer and then spreads a virus
C. A type of phishing that targets specific groups of people in an organization.
Sara finds a message on her phone that she thinks might be a scam. She should: A. Forward the message to her friends to see if they think it's a scam too B. Reply and ask the sender not to send more mail C. Delete the Message D. Click 'Accept'
C. Delete the Message
What should you do if you're unsure whether an email is real? A. Ignore the source and proceed anyway. B. Click on the link/download the attachment to find out. C. Learn and educate yourself with security awareness training. D. Forward the link to friends/colleagues and ask them if it's trustworthy.
C. Learn and educate yourself with security awareness training.
What should you do if you receive an email that says it is from someone or a business you know asking for personal information? A. Reply and ask them if they would like more personal information for their records. B. Go ahead and reply and give them the information they want. They must know who you are if they sent you an email. C. Open a new window and type in the official address of the company or person you know to be sure you're providing information to the correct business or person. D. None of the above
C. Open a new window and type in the official address of the company or person you know to be sure you're providing information to the correct business or person.
How is mobile phishing security different from PC and laptop phishing security? A. Mobile phishing attacks are extremely rare B. Email filters don't work on mobile devices C. Users can't preview suspicious links D. Attackers target mobile devices twice as much as laptops
C. Users can't preview suspicious links
Some red flags that you should watch out for in scams are: A. If you are put under pressure to act fast B. If what they are offering is too good to be true C. If it is an unsolicited message D. All of the above
D. All of the above
Unsure whether an email is real or phishing? Which of the following should you do? A. An unknown email sender sound vague or generic, and is threatening something about one of your online accounts? Report it as phishing. B. An alert email comes from PayPal or your bank. Open a new browser window and go to your account to see if anything is happening with your account. C. An offer appears to be from Amazon, but upon closer inspection it's actually from Amzon.co. You should report and delete the email. D. All of the above
D. All of the above
Unsure whether an email is real or phishing? Which of the following should you do? A. An unknown email sender sounds vague or generic and is threatening something about one of your online accounts. Report it as phishing. B. An alert email comes from PayPal or your bank. Open a new browser window and go to your account to see if anything is happening with your account. C. An offer appears to be from Amazon, but upon closer inspection, it's actually from Amzon.co. You should report and delete the email. D. All of the above
D. All of the above