Return to course: CyberAI Academy
Cyber AI
Previous Lesson
Previous
Next
Next Lesson
CyberAI Academy
Grades
Videos
Video Lessons Intro
Baseline Survey
Video Lesson 1
Video Lesson 2
Video Lesson 3
Video Lesson 4
Video Lesson 5
Video Lesson 6
Video Lesson 7
Video Lesson 8
Video Lesson 9
Video Lesson 10
Video Lesson 11
Video Lesson 12
Video Lesson 13
Video Lesson 14
Video Lesson 15
Final Quiz
Post Training Survey
Final Quiz
1. You’ve just received an email from what looks like your bank, marked URGENT: "Your account has been compromised. Click the link below to secure your funds immediately." 🤔 What’s the BEST next step you should take?
*
A) Click the link right away to secure your funds before the attackers steal them.
B) Reply to the email asking for more details about the situation.
C) Check the sender’s email address against previous legitimate communications from your bank, and contact the bank through a trusted phone number to confirm.
D) Ignore the email completely—all such emails are scams and not worth your time.
2. 🤔 Which of the following actions is not recommended when trying to identify a phishing email or text message?
*
A. Clicking on a link in an unsolicited message to verify its content.
B. Checking for proper capitalization, punctuation, and the presence of a greeting and closing.
C. Verifying the sender’s email address against previous communications.
D. Contacting the sender via an alternative method, such as a phone call, to confirm the message's legitimacy.
3. You receive an unsolicited phone call asking for your login credentials and sensitive personal information, with the caller claiming to be from your bank. 🤔 What’s the BEST course of action?
*
A. Provide the requested information immediately to resolve the issue faster.
B. Stay on the call to ask for more details before deciding.
C. Hang up right away without further action.
D. Hang up the phone, then verify the request's validity by calling the number on the back of your credit or debit card.
4. You receive an unsolicited email with an attachment labeled "Invoice" from an unknown sender using a public email address (like Gmail or Hotmail). The email urges you to open the attachment to review payment details. 🤔 What is the BEST course of action?
*
A. Open the attachment to see if the invoice is legitimate.
B. Reply to the sender asking for more details about the invoice.
C. Delete the email immediately without taking any further steps.
D. Do not open the attachment; instead, report the phishing attempt to the appropriate authorities.
5. You get an unsolicited email offering you a job that pays between $300 and $800 for 30 to 60 minutes of work on your phone or computer—no experience needed. 🤔 What should you do when you see this offer?
*
A. Respond immediately to learn more about the job offer.
B. Click the link in the email to verify the offer's details.
C. Report the email as a phishing attempt and then delete it.
D. Forward the email to a friend to ask if they think it’s legitimate.
6. When browsing a trusted website, you see an advertisement that suddenly appears and could be hiding malicious intent.
🤔 How might a malvertising attack compromise your device?
*
A. The ad only infects your device if you click on it.
B. The ad automatically infects your device with malware as soon as it loads, even if you don't click on it.
C. The ad requires you to fill in personal information before it can infect your device.
D. The ad is harmless because it comes from a trusted website.
7. 🤔 Which of the following actions is recommended when evaluating a suspicious social media profile?
*
A. Accept friend requests from accounts with incomplete profiles without further investigation.
B. Click on links in messages from unknown accounts to see what they contain.
C. Perform a reverse image search on the profile picture to check if it’s been used elsewhere.
D. Disclose your personal information when a vague profile asks for it.
8. You come across a sponsored ad on social media that redirects you to a website promising unbelievable offers. The ad appears professional but you notice subtle inconsistencies in the URL and a push to download a file immediately. 🤔 What should be your BEST course of action?
*
A. Click the ad immediately to check out the offer.
B. Download the file to see if it contains useful information.
C. Grant remote access if a “tech support” pop-up requests urgent help with your device.
D. Avoid clicking or downloading any files, verify the link’s authenticity by checking for inconsistencies, and report the incident to the proper authorities.
10. When dealing with impersonation cryptocurrency scams, 🤔 which of the following actions is recommended when you receive an unsolicited message from someone claiming to be a celebrity or a government agency demanding crypto payments?
*
A. Immediately transferring the requested cryptocurrency without any verification.
B. Ignoring urgent requests, performing thorough due diligence, and verifying the sender’s identity before taking any action.
C. Responding to the message to ask why crypto payments are required, even if the request is unsolicited.
D. Engaging with the sender in hopes of securing a potential investment opportunity despite the unsolicited nature of the offer.
11. As a small-business owner processing vendor invoices manually, 🤔 which of the following actions is NOT recommended to protect against a BEC false invoice scam?
*
A. Verify all invoice details carefully before processing any payment.
B. Have a second trusted pair of eyes review the invoice for discrepancies.
C. Immediately process the invoice without verifying any changes in bank account information.
D. Call the vendor directly to confirm any changes if the invoice information appears altered.
12. 🤔 Which of the following actions is recommended when you receive an email from a supposed CEO asking for a wire transfer?
*
A. Process the wire transfer immediately, trusting that the email is authentic.
B. Ignore the email completely and take no further steps to verify its legitimacy.
C. Be suspicious of any urgent request, carefully inspect the sender's email address for subtle character substitutions, and verify the request with your CEO via a secured phone call or in-person.
D. Reply to the email asking for additional details before verifying the sender’s identity.
13. After attending a video conference that appears to confirm a secret wire transfer request from your CFO, 🤔 what should you still do to protect against a potential deep fake AI account compromise attack?
*
A. Proceed with the wire transfer immediately since the video conference appeared authentic.
B. Independently verify the request by contacting the CFO’s assistant or admin using a secure, separate communication channel.
C. Schedule another video conference to reconfirm the instructions before processing the transfer.
D. Document the meeting and process the transfer, then report any discrepancies afterward.
14. You receive an urgent email from a supposed attorney requesting immediate, confidential action on a legal matter. The email address seems slightly off—there are subtle character substitutions—and the tone is designed to instill urgency. 🤔 What should you do?
*
A. Comply with the request immediately since it appears urgent and confidential.
B. Alert IT, carefully inspect the sender's email address for spoofing indicators, and verify the request using an independent, trusted communication channel.
C. Reply to the email asking for more details, then proceed if the explanation seems plausible.
D. Forward the email to your colleagues for their opinions before taking any action.
15. Imagine you receive an email that appears to be from your HR department asking for sensitive employee PII. The sender’s email address looks almost identical to the legitimate one—but if you look closely, you might notice subtle character substitutions (like “rn” in place of an “m” or a zero instead of a capital “O”). 🤔 What should you do to best counter this potential BEC attack, especially if it might be a hybrid attack using deep fake AI?
*
A. Forward the email to the IT department immediately without further review.
B. Reply to the email asking for more details before sending any data.
C. Rely on your email filtering software since it should catch any spoofing.
D. Carefully inspect the sender’s email address for anomalies and verify the request by contacting your management through a secured channel (face-to-face or via a secure phone call).