
Awareness Module 1 Cheat Sheet (DRAFT) by

This cheat sheet summarizes the key concepts from Module 1 to help with quiz preparation.

This is a draft cheat sheet. It is a work in progress and is not finished yet.

Why Cybersecurity Matters

Protect data
Prevent theft of personal & organizational information.
Prevent financial loss
Stop phishing, ransomware, fraud
Safeguard sensitive documents
Maintain confidentiality & integrity.
Protect reputation
Breaches damage trust in individuals & organizations.
Maintain continuity
Attacks like ransomware disrupt operations.
Public trust
Strong security sustains confidence in digital services.

Employee Responsibilities

- Recognize threats: phishing, malware, social engineering.
- Use strong, unique passwords + MFA.
- Follow safe web/email habits.
- Handle sensitive data carefully.
- Avoid unapproved apps/devices for work.
- Stay vigilant: lock screens, avoid suspicious links, report issues.
- Share best practices, report incidents promptly.

Red Flags checklist

Sender Email Address
Look for misspellings, slight changes, or unknown senders.
Urgent or Fearful Language
Beware of urgent phrases like “immediate action” or “account suspended.”
Suspicious Links & Attachments
Hover over links and check file extensions to spot threats.
Poor Grammar & Spelling
Typos and errors can signal phishing; legitimate firms proofread their messages.
Requests for Personal/Financial Info
Beware of unexpected emails requesting sensitive info.
Unusual Content
Watch for generic greetings, odd content, or unusual tone.

How to Respond

Ask Yourself
Do I know the sender? Was I expecting this? Does the language/tone match what I know of them? Does the email/domain look correct?
Never
Click suspicious links. Download unexpected attachments. Send sensitive info by email. Reply to the attacker.
Always
Verify via phone/in-person/official channel. Report to the cybersecurity team.

Types of phishing

Email
Create urgency to trick victims into giving information, logging in, or sending money.
Vishing (via phone)
Phone scam where attackers impersonate trusted entities to steal information.
Smishing (via text)
Text scam impersonating a trusted entity to steal data or money.
Emerging Methods
- Deepfake voice/video impersonation.
- Business Email Compromise (BEC 2.0).
- QR Code phishing (“Quishing”).
- Collaboration tool phishing (Slack/Teams/Zoom).
- Consent phishing (malicious OAuth permissions).
- Search engine phishing (fake ads & portals).
- Calendar invite phishing.

Elements of Phishing attacks

Impersonation
Appears legit with official logos, formatting, and language.
Persuasive Language
Uses emotions, threats, or rewards to prompt action.
Sense of Urgency
Pressures victims with urgent security threats or account issues.
Malicious Links
Sends victims to fake sites or numbers to steal data.
Dangerous Attachments
May hide malware in fake invoices or receipts.
QR code
QR code leading to login pages or asking for OAuth consent
Invites
Fake calendar invites or shared docs
Voice Messages
These are usually AI generated

Spam Emails

Spam emails steal data, harvest addresses, or spread malware.

Examples
1. Promotions (fake discounts, giveaways)
2. Job Scams (fraudulent employment offers)
3. Lottery Scams (fake winnings, prize claims)
4. Phishing Attempts (deceptive messages to steal information)

Key Characteristics
I. Unsolicited & unwanted (a.k.a. junk email)
II. Mass-distributed to many recipients
III. Can be part of phishing campaigns
IV. Often linked to advertising or fraud

Spoofing

Forged “From” field to look like a trusted sender.
Used to power phishing/social engineering.
Examples: Fake PayPal or Microsoft addresses.