The Badge Archive

• Fulfills Step 5 of GSUSA Junior Cybersecurity Investigator badge requirements.
• Fulfills Step 2 of GSUSA Cadette Cybersecurity Investigator badge requirements.

Info Needed for badge requirements: Phishing is when cyber criminals try to trick you into sharing private information, like passwords, addresses, or credit card numbers. They create fake messages that look real, such as emails, texts, or posts on social media. These messages often try to get you to click on bad links, download harmful attachments, or share your personal details.

Phishing messages often:

• Create a sense of urgency (e.g., “act now”).
• Play with emotions to make you worried or excited.
• Use small clues, like bad grammar or fake links, that give away they are not real.

To protect yourself:

• Always think before you click.
• Never share private information like passwords or payment details through email.
• If you get a message from a company, don’t click on links in the email. Instead, open a browser and go directly to the company’s website to log in.

Items Needed:

• VTK Email Messages from GSUSA (one set for each pair of scouts)
• Pens or pencils (one for each pair of scouts)

Instructions:

1. Divide scouts into pairs.
2. Give each pair a set of Email Messages. Scouts work together to circle all the differences they notice between the two emails. Scouts decide which email is legitimate and discuss their findings.
3. Encourage scouts to spot red flags like:
   • Spelling or grammar mistakes.
   • Mismatched email addresses.
   • Links that don’t match the organization (hover over links to check their destination).
   • Urgent or emotional language.
   • Missing information, like privacy policies.
4. Share the answer: The “Your Credit Card has been Compromised!” email is the phishing email. Highlight clues that show it’s fake, such as exclamation points, typos, and missing privacy information.