RecognizesasuspiciousQR codeRecognizeswhensomeone asksfor too muchinformationDeclines toshareinformationover thephone“Thislooks likea phishingattempt”Validatespayment orchangerequeststhrough asecond channelUsesmulti‑factorauthenticationIdentifiesa spoofedsendernameRecognizesa scam orfake offerCompletesannualsecuritytrainingKnowshow toreport anincidentAvoidssendingsensitive infounencryptedRecognizesa fake loginpageCreates astrongpassphrase(not just apassword)Forwardsunusualemails to thesecurityteamUsescompany‑approvedcloud storageAvoidsdownloadingunknownapplicationsVerifiessenderemailaddressUses securefile transferinstead ofemailattachmentAvoids takingphotos/screenshotsof client dataReports asuspicioustextmessageDeletes datathey’re nolongerauthorized toretainMentions“Thinkbeforeyou click”UpdatessoftwarewhenpromptedStoressensitivefilessecurelyDouble-checksexternalrecipientsbefore sendingAvoidssharingcredentialswith anyoneKnows theorganization’ssecuritypolicies existNoticesspelling/grammarerrors in asuspicious emailAvoidspublicWi‑Fi forwork tasksLockscomputerwhensteppingawayShredsdocumentswithpersonal orclient infoUsesapprovedsystems forwork filesKnows not toplugunknownUSBs intodevicesHoveringover linksbeforeclickingFree!DeletesunexpectedattachmentsIdentifiessuspiciousactivity ontheir accountRecognizesan “urgent”or “act now”red flagUses onlyapprovedtools forworkReports asuspiciousemail“If it seemstoo good tobe true, itprobably is”RecognizesasuspiciousQR codeRecognizeswhensomeone asksfor too muchinformationDeclines toshareinformationover thephone“Thislooks likea phishingattempt”Validatespayment orchangerequeststhrough asecond channelUsesmulti‑factorauthenticationIdentifiesa spoofedsendernameRecognizesa scam orfake offerCompletesannualsecuritytrainingKnowshow toreport anincidentAvoidssendingsensitive infounencryptedRecognizesa fake loginpageCreates astrongpassphrase(not just apassword)Forwardsunusualemails to thesecurityteamUsescompany‑approvedcloud storageAvoidsdownloadingunknownapplicationsVerifiessenderemailaddressUses securefile transferinstead ofemailattachmentAvoids takingphotos/screenshotsof client dataReports asuspicioustextmessageDeletes datathey’re nolongerauthorized toretainMentions“Thinkbeforeyou click”UpdatessoftwarewhenpromptedStoressensitivefilessecurelyDouble-checksexternalrecipientsbefore sendingAvoidssharingcredentialswith anyoneKnows theorganization’ssecuritypolicies existNoticesspelling/grammarerrors in asuspicious emailAvoidspublicWi‑Fi forwork tasksLockscomputerwhensteppingawayShredsdocumentswithpersonal orclient infoUsesapprovedsystems forwork filesKnows not toplugunknownUSBs intodevicesHoveringover linksbeforeclickingFree!DeletesunexpectedattachmentsIdentifiessuspiciousactivity ontheir accountRecognizesan “urgent”or “act now”red flagUses onlyapprovedtools forworkReports asuspiciousemail“If it seemstoo good tobe true, itprobably is”

General Security Awareness - Call List

(Print) Use this randomly generated list as your call list when playing the game. There is no need to say the BINGO column name. Place some kind of mark (like an X, a checkmark, a dot, tally mark, etc) on each cell as you announce it, to keep track. You can also cut out each item, place them in a bag and pull words from the bag.


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
  1. Recognizes a suspicious QR code
  2. Recognizes when someone asks for too much information
  3. Declines to share information over the phone
  4. “This looks like a phishing attempt”
  5. Validates payment or change requests through a second channel
  6. Uses multi‑factor authentication
  7. Identifies a spoofed sender name
  8. Recognizes a scam or fake offer
  9. Completes annual security training
  10. Knows how to report an incident
  11. Avoids sending sensitive info unencrypted
  12. Recognizes a fake login page
  13. Creates a strong passphrase (not just a password)
  14. Forwards unusual emails to the security team
  15. Uses company‑approved cloud storage
  16. Avoids downloading unknown applications
  17. Verifies sender email address
  18. Uses secure file transfer instead of email attachment
  19. Avoids taking photos/screenshots of client data
  20. Reports a suspicious text message
  21. Deletes data they’re no longer authorized to retain
  22. Mentions “Think before you click”
  23. Updates software when prompted
  24. Stores sensitive files securely
  25. Double-checks external recipients before sending
  26. Avoids sharing credentials with anyone
  27. Knows the organization’s security policies exist
  28. Notices spelling/grammar errors in a suspicious email
  29. Avoids public Wi‑Fi for work tasks
  30. Locks computer when stepping away
  31. Shreds documents with personal or client info
  32. Uses approved systems for work files
  33. Knows not to plug unknown USBs into devices
  34. Hovering over links before clicking
  35. Free!
  36. Deletes unexpected attachments
  37. Identifies suspicious activity on their account
  38. Recognizes an “urgent” or “act now” red flag
  39. Uses only approved tools for work
  40. Reports a suspicious email
  41. “If it seems too good to be true, it probably is”