Across
- 2. A fake business email, often involving invoices, vendors, or wire transfers.
- 6. The right action when something feels suspicious, even if it turns out to be nothing.
- 7. A phone-call phishing attack where someone may impersonate IT, a manager, or a vendor.
- 9. Extra account protection that requires more than just a password.
- 10. A phishing attack sent by text message or SMS.
- 12. The quick test: Surprising, Time pressure, Outside process, Personal ask.
- 13. When attackers make an email, account, phone number, or website look real.
- 15. A tool type that can help work, but should not receive sensitive company data unless approved.
- 16. Protection to use when working on public Wi-Fi.
- 17. A phishing attack that uses a QR code.
Down
- 1. A tool or service provider that needs review before use.
- 3. Personal information such as name, email, address, phone number, or SSN.
- 4. A fake message designed to trick you into clicking, logging in, or sharing information.
- 5. A common social engineering tactic that pressures someone to act quickly.
- 8. One weak one can expose far more than one account.
- 10. Single Sign-On; reduces the number of separate passwords employees need.
- 11. The password manager employees should use for work accounts.
- 14. Controlled permission to systems, tools, or company data.
- 16. What you should do before acting on an unexpected request.
