The Badge Archive

• Fulfills Step 5 of GSUSA Junior Cybersecurity Investigator badge requirements.
• Fulfills Step 2 of GSUSA Cadette Cybersecurity Investigator badge requirements.

Info Needed for badge requirements: Phishing is when cyber criminals try to trick you into sharing private information, like passwords, addresses, or credit card numbers. They create fake messages that look real, such as emails, texts, or posts on social media. These messages often try to get you to click on bad links, download harmful attachments, or share your personal details.

Phishing messages often:

• Create a sense of urgency (e.g., “act now”).
• Play with emotions to make you worried or excited.
• Use small clues, like bad grammar or fake links, that give away they are not real.

To protect yourself:

• Always think before you click.
• Never share private information like passwords or payment details through email.
• If you get a message from a company, don’t click on links in the email. Instead, open a browser and go directly to the company’s website to log in.

Items Needed

• VTK Emma’s Emails by GSUSA for each group of 4-6 scouts

Instructions

1. Introduce the Scenario: Emma’s parents discovered someone has stolen their credit card number and made false charges. They canceled their cards and checked their old emails but couldn’t find how their credit card information was stolen. Now they want to check Emma’s emails for clues. Scouts will help figure out what went wrong.
2. Divide scouts into groups of 4-6. Give each group a stack of Emma’s Emails. If there are more emails than scouts, some scouts can analyze more than one. If there are more scouts than emails, pair them together to work on one email.
3. Scouts carefully read Emma’s Emails, looking for clues about what might have happened. They search for signs of phishing or anything suspicious, like fake links, grammatical errors, or strange sender addresses.
4. Groups compare notes and decide which email seems to have caused the problem. They identify the phishing email and explain what tipped them off (e.g., sender address, urgency, or unusual requests).

Answer For leaders: Emma was targeted by a phishing email that appeared to be from Amazon. Believing the email was genuine, she clicked on a link and entered her parents’ credit card details, thinking it was necessary to secure her account. Unfortunately, the link was fraudulent, and the information went directly to the scammer instead.