Protect Cyber City

Play our cybersecurity training game to learn about the importance of — and keys to — online security. Defeat the villains and take your city back! What’re you waiting for?

Start the game by clicking on the "Play" button.
You will be presented with a series of questions.
Read each question and select the correct answer by clicking on the corresponding option.
Be careful! Choosing the wrong answer empowers the villain, bringing them closer to executing their evil plan.
Your goal is to answer as many questions correctly as possible to weaken the villain.
You must answer at least 9 out of the 13 questions to win.

For better experience, turn up your sound.

Malware Maven has taken over the city's outdated technology, and she's out for vengeance. Her plan of attack? To corrupt the old and outdated technologies and influence systems to turn on their owners across the city, HAI-tropolis.

Read the question carefully and select the correct answer below to fight back against Malware Maven.

How often should the latest software updates for your computer’s apps, web browsers, and operating systems be installed?

Question 1 of 13

Weekly

Monthly

Quarterly

As soon as possible

Having the most up-to-date software helps protect your systems against security vulnerabilities, which can pop up at any moment.

Having the most up-to-date software helps protect your systems against security vulnerabilities, which can pop up at any moment.

Great job! The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recommends installing software updates (often called patches) as soon as possible to prevent attackers from taking advantage of system vulnerabilities within a program or product. Vendors usually put software updates on their websites for users to download. In many cases, the software can be set to check for and download updates automatically. CISA recommends that you take advantage of automatic software updates when available to ensure vulnerabilities are patched promptly.

As the city struggled to find the source of the mysterious illness, little did they know that Malware Maven was using her cunning tactics to impersonate a coworker and breach the security wall, allowing her to wreak havoc undetected.

Read the question carefully and select the correct answer below to fight back against Malware Maven.

A colleague emails and asks that you share your network password while you're out sick so they can access a time-sensitive document you're working on together. What should you do?

Question 2 of 13

Share your password because you trust your colleague.

Share your password with your colleague’s manager instead.

Decline to share your password.

Share your password with your colleague and change it immediately once you're back at work.

Your colleague may be trustworthy, but what if the email is from a cybercriminal pretending to be your colleague to secure sensitive information? This type of phishing scheme, called "business email compromise," involves cybercriminals sending an email message that appears to come from a known source. making it a seemingly legitimate request.

Every time you share or reuse a password, it chips away at your security by opening up more avenues in which the password could be misused or stolen.

This scenario could be an instance of "business email compromise," in which cybercriminals send an email message that appears to come from a known source who is making a legitimate request. By the time you return to work and change your password, it may be too late—cybercriminals don't need much time to exploit a vulnerability. Every time you share a password, the chances of that password being misused or stolen increase.

Spot on! Always keep passwords private. Every time you share or reuse a password, you open up more avenues for it to be misused or stolen. Watch out for cybercriminals trying to trick you into revealing your passwords or other sensitive information by pretending to be someone you trust and creating a sense of urgency.

Malware Maven had her eyes set on the coveted blueprints and sensitive technology stored in the high-security vault, and she was willing to go to any lengths to get her hands on them.

Read the question carefully and select the correct answer below to fight back against Malware Maven.

As you scan your badge to enter your office, someone behind you asks you to hold the door for them. You don't recognize the person. What should you do?

Question 3 of 13

Hold the door, it’s the polite thing to do.

Pretend you didn't hear them and move on with your morning. Someone else will let them in.

Don't hold the door. Notify security immediately.

None of the above.

Holding the door is the polite thing to do, but in this situation, it's not the right thing to do. Cybercriminals will take advantage of certain human behaviors—politeness included—to gain access to private information and facilities.

If you encounter this situation, you should ask yourself if the person has a legitimate reason for entering the building. By ignoring the request and going about your day, you're passing on the responsibility to someone else who may not think twice about letting a potential cybercriminal into the office.

This situation could be an instance of "tailgating," a method cybercriminals use to gain access to a building or other protected area. A tailgater waits for an authorized user to open and pass through a secure entry and follows behind.

Play it safe! Don't hold the door, and notify security immediately to verify whether the person belongs in the building. This situation could be an instance of tailgating, a method cybercriminals use to gain access to a building or other protected area.

Phishing Fury was hard at work crafting his latest scam, a cunning phishing bug designed to trick unsuspecting victims into divulging their personal information, and he couldn't wait to reel in her next catch.

Read the question carefully and select the correct answer below to fight back against Phishing Fury.

Which of these statements is correct?

Question 4 of 13

If you get an email from someone you know, like a vendor, you can click on any links as long as you have a spam blocker and antivirus protection.

You can trust that an email really comes from a vendor if it uses the vendor's logo and contains at least one fact about the vendor that you know to be true.

If you get a message from a colleague who needs your network password, you should never give it out unless the colleague says it’s an emergency.

If you get an email from Human Resources asking you to provide personal information right away, you should verify it with HR first to ensure the sender is who they say they are.

Spam blockers and antivirus protection programs aren't foolproof, and a cybercriminal could pretend to be a known vendor to obtain sensitive information. Carefully examine the email address and contents before clicking any links or attachments — cybercriminals often use slight differences to trick you and gain your trust.

A cybercriminal could pretend to be your vendor contact to obtain sensitive information. Carefully examine the email address and contents of the email—cybercriminals often use slight differences to trick your eye and gain trust.

Every time you share or reuse a password, it chips away at your security by opening up more avenues in which the password could be misused or stolen.

Right on! Always verify suspicious and unexpected emails before clicking on any links/attachments or replying with confidential information, especially if the request presses you to act quickly. A type of phishing attack called business email compromise involves cybercriminals sending an email message that appears to come from a known source who is making legitimate requests. When in doubt, look up the phone number of the sender on your own (don't use the number the potential cybercriminal is providing) and call to verify the request.

Phishing Fury had his sights set on a specific target, but the team was at a loss since nobody was in charge of their cybersecurity, leaving them vulnerable to the villain's schemes.

Read the question carefully and select the correct answer below to fight back against Phishing Fury.

Who in the organization should be responsible for cybersecurity?

Question 5 of 13

Executives

Managers

All staff

IT staff

Executives can help set the tone regarding the organization's cybersecurity culture, but shouldn't be solely responsible for cybersecurity.

Managers can help ensure staff members understand and implement cybersecurity best practices, but shouldn't be solely responsible for cybersecurity.

IT staff can help identify and prevent cybersecurity threats to the organization, but shouldn't be solely responsible for cybersecurity.

You got it! A comprehensive cybersecurity strategy incorporates all staff. Why? A large percentage of cyber attacks include some element of human error. Pursuing an integrated, holistic approach embeds the concept of cybersecurity into each employee's workday so that it becomes subconscious. Well-trained employees who understand the importance of cybersecurity form a human firewall, an organization's best line of defense against a cyberattack.

As Phishing Fury's cache of ill-gotten gains continued to grow, so too did his nefarious plans, which now included funding a dangerous laser beam capable of untold destruction, all while draining the bank accounts of innocent victims who fell prey to his phishing schemes.

Read the question carefully and select the correct answer below to fight back against Phishing Fury.

Phishing is a form of social engineering in which cybercriminals use email and other modes of communication to trick you into giving them sensitive personal or financial information.

Question 6 of 13

True

False

Phishing messages often tell a story to trick you into clicking a link or opening an attachment containing malicious software (malware). Often, phishing messages claim a problem with your account or ask you to click a link to make an overdue payment. These messages are usually written with a sense of urgency (e.g., I need this by the end of the day) to provoke you into taking action without considering the consequences.

Martha's heart sank as she realized the grave mistake she had made — the link she had clicked on was a trap set by Ransomware Raider, and now all her sensitive data was being held hostage for a hefty ransom.

Read the question carefully and select the correct answer below to fight back against Ransomware Raider.

If you think you fell for a phishing scam, what should you do to limit the damage? Select any that apply.

Question 7 of 13

Restart your computer.

Unplug your computer.

Immediately change any compromised passwords.

Notify your IT department.

Restarting your computer doesn't remove malicious software (malware), nor does it prevent cybercriminals from taking advantage of any private information (e.g., usernames and passwords) that you've unwittingly provided.

Once a computer is infected with malicious software (malware), turning it off doesn't help, nor does it prevent cybercriminals from taking advantage of any private information (e.g., usernames and passwords) that you've unwittingly provided

Correct! If you think you fell for a phishing scam, immediately notify your IT department and change any compromised passwords. Your IT department can investigate the extent of the attack and escalate the response if necessary, put others on alert, set spam blockers, install software updates to limit further damage, and implement other emergency response tactics. Changing compromised passwords can help prevent cybercriminals from exploiting any information they tricked you into giving them.

Ransomware Raider had set her sights on the wealthy and influential top clients, and was determined to kidnap them and hold them for ransom, using their wealth and power as leverage to achieve his ultimate goal of becoming the most feared and powerful criminal in the city.

Read the question carefully and select the correct answer below to fight back against Ransomware Raider.

An email from your boss asks for the names, addresses, and credit card details of your business partner. The email says it’s urgent and to reply right away. Choose the appropriate response.

Question 8 of 13

Reply right away with the requested information.

Reply and ask your boss why they need the information.

Don't reply. Just delete the email and move on.

Call your boss (or ask them in person) to confirm the request before replying.

The email could be a phishing attack from cybercriminals pretending to be your boss. The urgent nature of the request is a potential giveaway, especially if you don't receive requests like this often.

The email could be a phishing attack from cybercriminals pretending to be your boss. If that's the case, they might devise a feasible reason, tricking you into providing private information.

This email could be a phishing attack from cybercriminals pretending to be your boss. But on the off chance it's actually your boss making the request, you probably shouldn't completely ignore it.

Yes! When in doubt, it's best to call your boss (or ask them in person) to confirm the request before replying. When it comes to sensitive information, you can never be too careful, as the email could be a phishing attack.

Ransomware Raider's automated robot gave the illusion of a secure network, but in reality, it was a clever ruse to lure unsuspecting victims into a false sense of security, allowing her to strike at the perfect moment and hold their sensitive data hostage for a hefty ransom.

Read the question carefully and select the correct answer below to fight back against Ransomware Raider.

If you receive an email that looks like it's from someone you know, it's safe to click on any links as long as you have a spam blocker and antivirus protection.

Question 9 of 13

True

False

Spam blockers and antivirus protection programs aren't fool-proof, and a cybercriminal could pretend to be someone you know to obtain sensitive information. Carefully examine the email address and contents of the email before clicking on any links or attachments— cybercriminals often use slight differences to trick your eye and gain trust.

Virus Vandal had set his sights on the wealthy and powerful top clients, and was determined to kidnap them and hold them for ransom, using his cunning Trojan horse tactics to infiltrate their systems undetected and achieve his ultimate goal of becoming the most feared and notorious criminal in the city.

Read the question carefully and select the correct answer below to fight back against Virus Vandal.

You get an email from a vendor who asks you to click on a link to reset your password. You should:

Question 10 of 13

Reply to the email to confirm that you really need to change your password.

Pick up the phone and call the vendor using a phone number you know to be correct to confirm that the request is real.

Click on the link. If it takes you to the vendor's website, then you'll know it's not a scam.

The email could be a phishing attack from cybercriminals pretending to be a vendor, which means you might accidentally give them your password when they reply with a link to reset it.

The email could be a phishing attack from cybercriminals pretending to be your vendor. It's common for cybercriminals to create fake versions of websites you know and trust to lure unsuspecting victims into sending money.

Smart move! Play it safe by calling the vendor using a phone number you know to be correct to confirm the request. The email could be a phishing attack. The urgent nature of the request should raise red flags. It's a tactic used frequently by cybercriminals to trick victims into taking action without considering the consequences.

Disguised as a reputable company, Virus Vandal's cunning phishing scam fooled countless citizens with its generic greeting, phony billing problem, and a suspicious link to update payment details, all peppered with improper grammar and misspellings, leading to a wave of identity theft and financial ruin.

Read the question carefully and select the correct answer below to fight back against Virus Vandal.

What's NOT a telltale sign that an email is part of a phishing scam?

Question 11 of 13

The message says your account is on hold because of a billing problem.

The message invites you to click on a link to update your payment details.

The message includes improper grammar and misspellings.

The message has a generic greeting.

None of the above.

Phishing emails typically include a generic greeting with improper grammar and misspellings. Cybercriminals exploit human behavior to manipulate, influence, or deceive victims. For example, a message might say that your account is on hold because of a billing problem or invite you to click on a link to update your payment details. Cybercriminals want you to panic and respond without thinking about the legitimacy of an email.

Virus Vandal's nefarious plan to create a city-wide blackout succeeded beyond his wildest dreams, plunging the metropolis into chaos and allowing him to carry out his sinister schemes undetected in the resulting darkness.

Read the question carefully and select the correct answer below to fight back against Virus Vandal.

Ransomware is malware that infects computer networks and devices to hold your data hostage until you send the attackers money. Which step doesn't significantly decrease the chances of putting your organization at risk of a ransomware attack?

Question 12 of 13

Verify suspicious messages before clicking on attachments or links.

Ensure the latest software updates are installed.

Open suspicious links in a private browser.

Verifying suspicious messages before clicking attachments or links is a cybersecurity best practice. Cybercriminals frequently plant ransomware in links or attachments within phishing emails.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recommends installing software updates (often called patches) as soon as possible to prevent attackers from taking advantage of system vulnerabilities within a program or product. Vendors usually put software updates on their websites for users to download. In many cases, the software can be set to check for and download updates automatically. CISA recommends that you take advantage of automatic software updates when available to ensure vulnerabilities are patched promptly.

Right! Opening suspicious links in a private browser doesn't significantly decrease the chances of putting your organization at risk. Anything you click on while using a private browser can pose a threat.

Virus Vandal's doomsday machine loomed menacingly over the city, as he threatened to unleash its devastating power unless his demands were met, sending the citizens into a frenzy of fear and panic.

Read the question carefully and select the correct answer below to fight back against Virus Vandal.

Which of these best describes how criminals launch ransomware attacks?

Question 13 of 13

They send a phishing email with links or attachments that put your data and network at risk.

They gain access to your server by exploiting vulnerabilities and installing malware.

They use infected websites that automatically download malicious software to your computer or mobile device.

All of the above.

Cybercriminals use an ever-growing list of tactics to initiate ransomware attacks, which underscores the importance of ongoing training and a suspicious mindset, elements of a human firewall, an organization's best line of defense against a cyberattack. A robust human firewall helps prevent attacks that make it past outer layers of security, such as email filters.

Correct! Cybercriminals use an ever-growing list of tactics to initiate ransomware attacks, which underscores the importance of ongoing training and a suspicious mindset, elements of a human firewall, an organization's best line of defense against a cyberattack. A robust human firewall helps prevent attacks that make it past outer layers of security, such as email filters.