Safety Simulations
Practice responding to real-world digital safety scenarios
Email Phishing Scenario
You receive an urgent email claiming to be from your bank. Learn to identify phishing attempts and respond appropriately.
Social Engineering Attack
Experience common social engineering tactics and practice protecting your personal information from manipulation.
Malware Defense
Navigate through scenarios involving suspicious downloads, pop-ups, and potentially infected files.
Privacy Settings Challenge
Practice configuring privacy settings across different platforms to protect your digital identity.
Cyberbullying Response
Learn how to recognize, document, and respond to cyberbullying situations effectively and safely.
Digital Footprint Audit
Evaluate and manage your online presence by conducting a comprehensive digital footprint assessment.
Email Phishing Simulation
Scenario:
You just received this email in your inbox:
From: security@paypa1-verification.com
Subject: URGENT: Your Account Will Be Suspended
Dear Valued Customer,
We have detected unusual activity on your PayPal account. Your account will be suspended within 24 hours unless you verify your identity immediately.
Click here to verify your account now: https://paypa1-verify.com/secure
Failure to verify will result in permanent account closure and loss of funds.
Thank you,
PayPal Security Team
What should you do?
Not the best choice!
Never click links in suspicious emails. This is exactly what the attacker wants you to do. The link likely leads to a fake website designed to steal your login credentials.
Tip: Always access your accounts directly by typing the URL in your browser, not through email links.
Not recommended!
Replying to phishing emails confirms your email address is active and may result in more attacks. It also won't help verify if the email is legitimate.
Tip: Never respond to suspicious emails. Instead, contact the company directly using official contact information.
Excellent choice!
This is the correct approach! By logging in directly through your browser or app, you can safely check your account status without risk.
Red flags in this email:
- Misspelled domain: "paypa1" instead of "paypal"
- Generic greeting: "Dear Valued Customer"
- Urgent threatening language
- Suspicious link
- Poor grammar and formatting
Next steps: Report the email as phishing and delete it.
Not ideal!
While your intent to warn others is good, forwarding phishing emails can spread them further and might accidentally trick someone into clicking the malicious link.
Better approach: Tell people verbally or share general information about the scam without forwarding the actual email.
Learning Points:
- Always verify sender email addresses carefully
- Look for typos in domain names (paypa1 vs paypal)
- Be suspicious of urgent or threatening language
- Never click links in unexpected emails
- Access accounts directly through official websites or apps
- Report phishing attempts to the real company and your email provider
Malware Defense Simulation
Scenario:
You're browsing the internet when suddenly a pop-up appears:
⚠️ WARNING! ⚠️
Your computer is infected with 5 viruses!
Your system will be damaged if you don't act now!
This message is from Windows Security Center
What should you do?
Dangerous choice!
This pop-up is fake malware - a type of scareware designed to trick you into downloading malicious software. Clicking the button would likely install actual malware on your computer!
Tip: Legitimate antivirus software doesn't advertise through random pop-ups.
Not recommended!
Phone numbers in fake pop-ups lead to scammers who will try to sell you fake services, steal your information, or convince you to give them remote access to your computer.
Tip: Windows Security Center doesn't provide phone support through pop-ups.
Perfect response!
This is exactly the right approach! Close the browser without interacting with the pop-up, then use your trusted antivirus software to scan your system.
Red flags in this scenario:
- Alarming, urgent language with threats
- Fake official branding (Windows Security Center)
- Pressure to download or act immediately
- Pop-up appears randomly while browsing
- Promises of "free" solutions to made-up problems
Next steps: Run a scan with your legitimate antivirus software and consider clearing your browser cache.
Risky move!
Clicking anywhere on a malicious pop-up can trigger downloads or redirect you to dangerous websites. Some pop-ups have fake "close" buttons that actually activate the malware.
Better approach: Use keyboard shortcuts (Alt+F4 or Ctrl+W) or close the entire browser from the taskbar.
Learning Points:
- Never click on suspicious pop-ups or warnings
- Real security warnings come from your installed antivirus
- Be skeptical of urgent, fear-inducing messages
- Close suspicious pop-ups using keyboard shortcuts or taskbar
- Keep your legitimate antivirus software updated
- Only download software from official sources
Privacy Settings Challenge Simulation
Scenario:
You just created a new social media account. Before posting, you check the default privacy settings and find:
Current Settings:
- ✅ Profile is public (anyone can see your posts)
- ✅ Location sharing is enabled on all posts
- ✅ Photos can be tagged by anyone
- ✅ Search engines can find your profile
- ✅ Your friend list is visible to everyone
- ✅ Apps can access your data for marketing
What should you do with these settings?
Not recommended!
Default settings are often designed to maximize data collection and engagement, not your privacy. Platforms benefit from more public data and may not prioritize your privacy by default.
Tip: Always review and customize privacy settings when creating a new account.
Incomplete protection!
While making your profile private is good, location sharing, tagging permissions, and data access for apps can still expose you to risks. Each setting serves a different privacy function.
Tip: Privacy is multi-layered - one setting change isn't enough to protect all aspects of your information.
Excellent approach!
This is the best strategy! Every user has different privacy needs and comfort levels. Reviewing each setting allows you to make informed decisions.
Recommended adjustments:
- Set profile to private (friends only) unless you have a specific reason to be public
- Disable automatic location sharing - add location manually only when needed
- Require approval for photo tags
- Opt out of search engine indexing for personal accounts
- Limit friend list visibility to friends only
- Disable data sharing with third-party apps or limit to essential apps only
Next steps: Schedule regular privacy check-ups (quarterly) as platforms update their settings.
Too restrictive!
While privacy is important, making everything completely private might limit your ability to use the platform effectively. A public profile picture is often useful for helping friends find you.
Better approach: Balance privacy with functionality - customize settings based on what you're comfortable sharing and what serves your purposes.
Learning Points:
- Always review default privacy settings on new accounts
- Consider each setting's purpose and your comfort level
- Disable location sharing unless specifically needed
- Control who can tag you in photos and posts
- Limit data sharing with third-party apps
- Review and update privacy settings regularly
- Different platforms require different privacy approaches
Cyberbullying Response Simulation
Scenario:
Your friend shows you their phone. Someone has been posting mean comments on all their social media posts for the past week:
Examples of comments:
- "Nobody likes you. Why do you even post?"
- "You look terrible in every photo"
- "Everyone thinks you're fake"
- "You should just delete your account"
Your friend seems upset and says they don't know what to do.
What's the best advice to give your friend?
Not the best approach!
Engaging with cyberbullies often escalates the situation. Bullies want a reaction, and responding gives them what they want. It can also make the situation worse and provide them with more content to use against your friend.
Tip: Direct engagement rarely stops cyberbullying and can increase the harassment.
Incomplete response!
While not engaging is part of the solution, simply ignoring cyberbullying isn't enough. It's important to document the behavior, report it, and seek support from adults. The bullying may continue or even escalate if not addressed properly.
Tip: Cyberbullying is serious and requires action beyond just ignoring it.
Excellent advice!
This is the comprehensive and correct approach to handling cyberbullying!
Steps to take:
- Document: Take screenshots of all harassing messages with dates and times visible
- Block: Prevent the bully from further contact on all platforms
- Report: Use the platform's reporting features to report harassment
- Tell an adult: Inform parents, teachers, or counselors who can provide support
- Don't retaliate: Avoid responding or retaliating against the bully
- Seek support: Talk to friends, counselors, or support hotlines if feeling distressed
For severe cases: If threats of violence occur or if the bullying doesn't stop, consider involving school authorities or law enforcement.
Too extreme!
Deleting all social media accounts is an extreme response that punishes the victim rather than addressing the problem. Your friend shouldn't have to give up their online presence because of a bully. There are better solutions.
Better approach: Take action to stop the bullying while maintaining your friend's right to participate in social media safely.
Learning Points:
- Document all instances of cyberbullying with screenshots
- Block users who engage in harassment
- Report cyberbullying using platform reporting tools
- Always inform a trusted adult about cyberbullying
- Don't respond or retaliate against bullies
- Seek emotional support from friends, family, or counselors
- Know that cyberbullying is serious and not the victim's fault
Digital Footprint Audit Simulation
Scenario:
You're applying for your first job and the employer mentions they do online background checks. You decide to search for yourself online and find:
What you discovered:
- Old social media posts from 3 years ago with inappropriate jokes
- Photos from parties tagged by friends showing risky behavior
- Comments on controversial topics using strong language
- Your full name, school, and age visible on multiple platforms
- A YouTube channel with videos from when you were younger
- Your email address and phone number on some public profiles
What should you do to manage your digital footprint?
Risky assumption!
While some employers may be understanding, many make hiring decisions based on online presence. Your digital footprint is often the first impression you make. Inappropriate content can cost you opportunities.
Tip: It's estimated that 70% of employers use social media to screen candidates. Taking control of your digital footprint is important.
Too drastic!
Deleting all accounts is extreme and may raise red flags with employers who expect some online presence. Additionally, content may still exist in cached versions or on other people's accounts. A complete absence online can seem suspicious.
Tip: A professional, well-managed online presence is better than no presence at all.
Perfect strategy!
This is the comprehensive and mature approach to managing your digital footprint!
Action plan for digital footprint cleanup:
- Audit all accounts: Search your name in multiple search engines and review all results
- Delete inappropriate content: Remove old posts, comments, and photos that don't reflect who you are now
- Untag yourself: Request removal from inappropriate photos posted by others
- Adjust privacy settings: Make personal accounts private and create professional public profiles
- Remove personal information: Delete or hide phone numbers, addresses, and detailed personal data
- Google yourself regularly: Set up Google Alerts for your name to monitor your online presence
- Build positive content: Create professional profiles on LinkedIn, start a portfolio website, or blog about your interests
Remember: Your digital footprint is permanent. Always think before you post!
Not a solution!
Creating fake accounts can backfire if discovered and raises ethical concerns. Employers may find this dishonest. Additionally, your original content will still exist online. It's better to address the actual content than try to hide behind a new identity.
Tip: Honesty and proactive management of your real identity is always the best policy.
Learning Points:
- Regularly Google yourself to see what others can find
- Delete or edit old posts that don't reflect your current values
- Request removal from inappropriate photos posted by others
- Keep personal and professional lives separate online
- Build a positive digital footprint with professional content
- Think before posting - everything online can be permanent
- Review privacy settings on all platforms regularly
- Consider your future self when posting today
Social Engineering Attack Simulation
Scenario:
You receive a phone call from someone claiming to be from your IT department:
Caller: "Hello, this is John from IT Support. We've detected suspicious activity on your company account. We need to verify your credentials immediately to prevent a security breach. Can you provide me with your username and password so I can fix this issue right away? This is urgent - your account will be locked in 10 minutes if we don't resolve this."
What should you do?
Dangerous choice!
Never provide your credentials to anyone over the phone, even if they claim to be from IT. Legitimate IT departments will never ask for your password. This is a classic social engineering attack designed to steal your credentials.
Tip: Urgency and pressure are common tactics used by attackers to bypass your better judgment.
Still not safe!
Employee IDs can be easily faked or obtained through research. This doesn't verify the caller's legitimacy. Never share your password with anyone, regardless of what identification they provide.
Tip: Attackers often do research to make their calls more convincing with internal information.
Excellent choice!
This is the correct approach! Always verify unexpected requests through official channels, especially when they involve sensitive information.
Red flags in this scenario:
Next steps: Contact IT using the official support number from your company directory and report the suspicious call.
Risky approach!
Allowing remote access to someone whose identity you haven't verified is extremely dangerous. They could install malware, steal data, or compromise your entire system.
Better approach: Always verify the caller's identity through official channels before allowing any access or providing information.
Learning Points: