Using easily guessable information like birthdates

Using the same password across multiple accounts

Including a mix of uppercase, lowercase, numbers, and symbols

Sharing passwords with trusted friends and family

To complicate the login process

To provide an additional layer of security beyond a password

To reset forgotten passwords

To monitor user activity

Limited access to system resources

Managing user accounts and permissions

Creating complex passwords

Conducting phishing awareness training

Use a fabricated story to gain victim’s trust. Pretexting attack can be done online, in person, or over the phone.

Offering something enticing, such as free software, a USB drive or money.

Sending fake emails, messages, or websites that appear legitimate.

Offering something enticing, such as free software, a USB drive or money.

To grant users the maximum level of access by default

To provide unlimited privileges to all users

To randomly assign access privileges

To restrict users' access rights to the minimum necessary for their roles

Urgent language and threats of account closure

Personalized greetings

Requests for regular password changes

Clearly identified sender information

Deleting unnecessary data

Categorizing data based on its sensitivity and importance

Sharing all data with all users

Ignoring data security measures