You visit a website that shows a padlock icon and starts with 'https://'. A friend tells you the site must be safe because it is encrypted. Which response is most accurate?
A. Your friend is correct — HTTPS guarantees the site is legitimate
B. HTTPS means your connection is encrypted, but the site itself could still be malicious
C. HTTPS is only important for banking sites, not general browsing
D. The padlock icon means the site has been verified by the government
HTTPS encrypts the traffic between your browser and the server, preventing eavesdropping. But anyone can get an HTTPS certificate for a fake site. A phishing page at 'https://paypa1.com' is encrypted — and still fraudulent. The padlock tells you your connection is private, not that the destination is trustworthy.
Question 2 True / False
Most successful online attacks exploit sophisticated technical vulnerabilities that average users have no way to prevent.
T. True
F. False
Answer: False
The majority of successful attacks — phishing, social engineering, malware from suspicious downloads — succeed because of predictable human behavior, not because hackers defeated advanced security systems. Clicking a link without checking the URL, opening unexpected attachments, or reusing passwords are the primary attack vectors. Behavior change is more protective than any tool.
Question 3 Short Answer
What is one specific action you can take before clicking a link in an unexpected email to reduce the risk of phishing?
Model answer: Hover over the link to inspect the actual destination URL before clicking, and verify it matches the expected domain of the sender.
Phishing links often disguise themselves with display text like 'Click here to verify your account' while pointing to a malicious domain. Hovering reveals the real destination. Checking that the domain matches the legitimate organization (e.g., 'paypal.com' not 'paypa1.com' or 'paypal.scam.com') is a concrete, reliable behavior that catches a large share of phishing attempts.