Recognizesa fake loginpageAvoidsdownloadingunknownapplicationsUses onlyapprovedtools forwork“Thislooks likea phishingattempt”RecognizesasuspiciousQR codeMentions“Thinkbeforeyou click”Knowshow toreport anincidentAvoidspublicWi‑Fi forwork tasksKnows theorganization’ssecuritypolicies existKnows not toplugunknownUSBs intodevicesDeletes datathey’re nolongerauthorized toretainUsesmulti‑factorauthenticationReports asuspicioustextmessageRecognizesan “urgent”or “act now”red flagVerifiessenderemailaddressNoticesspelling/grammarerrors in asuspicious emailFree!Avoidssendingsensitive infounencryptedRecognizesa scam orfake offerDeclines toshareinformationover thephoneUpdatessoftwarewhenpromptedLockscomputerwhensteppingawayCompletesannualsecuritytrainingValidatespayment orchangerequeststhrough asecond channelHoveringover linksbeforeclickingIdentifiesa spoofedsendernameStoressensitivefilessecurelyUses securefile transferinstead ofemailattachmentUsesapprovedsystems forwork filesShredsdocumentswithpersonal orclient infoAvoids takingphotos/screenshotsof client dataForwardsunusualemails to thesecurityteamReports asuspiciousemailAvoidssharingcredentialswith anyoneDeletesunexpectedattachmentsDouble-checksexternalrecipientsbefore sendingUsescompany‑approvedcloud storage“If it seemstoo good tobe true, itprobably is”Recognizeswhensomeone asksfor too muchinformationCreates astrongpassphrase(not just apassword)Identifiessuspiciousactivity ontheir accountRecognizesa fake loginpageAvoidsdownloadingunknownapplicationsUses onlyapprovedtools forwork“Thislooks likea phishingattempt”RecognizesasuspiciousQR codeMentions“Thinkbeforeyou click”Knowshow toreport anincidentAvoidspublicWi‑Fi forwork tasksKnows theorganization’ssecuritypolicies existKnows not toplugunknownUSBs intodevicesDeletes datathey’re nolongerauthorized toretainUsesmulti‑factorauthenticationReports asuspicioustextmessageRecognizesan “urgent”or “act now”red flagVerifiessenderemailaddressNoticesspelling/grammarerrors in asuspicious emailFree!Avoidssendingsensitive infounencryptedRecognizesa scam orfake offerDeclines toshareinformationover thephoneUpdatessoftwarewhenpromptedLockscomputerwhensteppingawayCompletesannualsecuritytrainingValidatespayment orchangerequeststhrough asecond channelHoveringover linksbeforeclickingIdentifiesa spoofedsendernameStoressensitivefilessecurelyUses securefile transferinstead ofemailattachmentUsesapprovedsystems forwork filesShredsdocumentswithpersonal orclient infoAvoids takingphotos/screenshotsof client dataForwardsunusualemails to thesecurityteamReports asuspiciousemailAvoidssharingcredentialswith anyoneDeletesunexpectedattachmentsDouble-checksexternalrecipientsbefore sendingUsescompany‑approvedcloud storage“If it seemstoo good tobe true, itprobably is”Recognizeswhensomeone asksfor too muchinformationCreates astrongpassphrase(not just apassword)Identifiessuspiciousactivity ontheir account

General Security Awareness - Call List

(Print) Use this randomly generated list as your call list when playing the game. There is no need to say the BINGO column name. Place some kind of mark (like an X, a checkmark, a dot, tally mark, etc) on each cell as you announce it, to keep track. You can also cut out each item, place them in a bag and pull words from the bag.


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
  1. Recognizes a fake login page
  2. Avoids downloading unknown applications
  3. Uses only approved tools for work
  4. “This looks like a phishing attempt”
  5. Recognizes a suspicious QR code
  6. Mentions “Think before you click”
  7. Knows how to report an incident
  8. Avoids public Wi‑Fi for work tasks
  9. Knows the organization’s security policies exist
  10. Knows not to plug unknown USBs into devices
  11. Deletes data they’re no longer authorized to retain
  12. Uses multi‑factor authentication
  13. Reports a suspicious text message
  14. Recognizes an “urgent” or “act now” red flag
  15. Verifies sender email address
  16. Notices spelling/grammar errors in a suspicious email
  17. Free!
  18. Avoids sending sensitive info unencrypted
  19. Recognizes a scam or fake offer
  20. Declines to share information over the phone
  21. Updates software when prompted
  22. Locks computer when stepping away
  23. Completes annual security training
  24. Validates payment or change requests through a second channel
  25. Hovering over links before clicking
  26. Identifies a spoofed sender name
  27. Stores sensitive files securely
  28. Uses secure file transfer instead of email attachment
  29. Uses approved systems for work files
  30. Shreds documents with personal or client info
  31. Avoids taking photos/screenshots of client data
  32. Forwards unusual emails to the security team
  33. Reports a suspicious email
  34. Avoids sharing credentials with anyone
  35. Deletes unexpected attachments
  36. Double-checks external recipients before sending
  37. Uses company‑approved cloud storage
  38. “If it seems too good to be true, it probably is”
  39. Recognizes when someone asks for too much information
  40. Creates a strong passphrase (not just a password)
  41. Identifies suspicious activity on their account