MODULE 4
Recognizing and Reporting Suspicious Activities

AIM AND PURPOSE
The goal of this module is to equip individuals and organizations with the skills necessary to recognize and properly report suspicious cyber activities. Being able to identify early warning signs of cyber threats is crucial in minimizing damage and protecting data, systems, and infrastructure. This module empowers users to act as the first line of defense, fostering a proactive cybersecurity culture.
INTRODUCTION
In today's interconnected digital world, cyber threats are more sophisticated than ever. Hackers, scammers, and malicious insiders continually develop new ways to exploit system vulnerabilities. Recognizing early indicators of these threats is key to stopping attacks before they escalate. Whether it's a suspicious email, unusual system behavior, or an unexpected request, knowing what to look for and how to respond can prevent a minor issue from becoming a full-blown breach.
LEARNING OBJECTIVES
By the end of this module, learners will be able to:
- Understand what constitutes suspicious cyber activity.
- Identify common signs of phishing, malware, and social engineering attempts.
- Recognize unusual behavior on devices and networks.
- Understand internal and external reporting procedures.
- Respond promptly and effectively when suspicious activities are detected.
WHAT IS SUSPICIOUS CYBER ACTIVITY?
Suspicious activity refers to any behavior or event that suggests a potential security breach or an attempt to compromise systems or data. It could be external—like a phishing email from an unknown sender—or internal—such as an employee accessing files they shouldn't.
Suspicious activity doesn’t always indicate a confirmed attack. Instead, it signals something worth investigating further. Knowing the early signs can significantly reduce response time and limit damage.
Examples include:
- Receiving emails from unverified sources asking for login credentials.
- A sudden slowdown in system performance.
- Unknown software installed on your device.
- Unexpected data transfers or file modifications.
- Login attempts from unfamiliar locations or devices.
SPOTTING PHISHING ATTEMPTS
Phishing is one of the most common methods cybercriminals use to gain unauthorized access. It often arrives via email but can also occur through SMS, phone calls, or messaging apps. These attempts aim to trick users into revealing confidential information.
Key indicators of phishing include:
- Generic greetings: Emails that start with "Dear user" or "Customer" instead of your actual name.
- Spelling and grammatical errors: Legitimate organizations rarely send out poorly written messages.
- Unusual sender addresses: The email address might look similar to a real one but often has slight deviations.
- Fake links: Hover over a link (long-press on a phone) to see its actual destination. If the destination doesn't match the text shown, it's likely fraudulent.
- Urgency and threats: Messages may urge immediate action, such as "Verify your account now or it will be closed."
Example Scenario:
A staff member receives an email claiming to be from the IT department, requesting their password to update security settings. The sender's email is slightly off: "it-support@yourcompanny.com" instead of "it-support@yourcompany.com". This subtle change is a common phishing tactic, and the request itself is a red flag: a real IT department never needs a user's password.
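The indicators above can be checked mechanically. The following Python script is an added example and is not part of this module; it parses a raw email with the standard library and reports the same red flags: a sender domain that is a near miss of one the organization owns, link text that disagrees with the real destination, a generic greeting, and urgency wording. The trusted-domain list, the two sample messages and the finding tags are assumptions constructed for the example.

```python
# Added example: heuristic phishing checks on a raw email, mirroring the
# indicators listed above. Domains, messages and finding tags are constructed.
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED_DOMAINS = {"yourcompany.com"}  # assumption: the organization's real domain
LOOKS_LIKE_URL = re.compile(r"^(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?$", re.I)
GENERIC_GREETING = re.compile(r"\bdear (user|customer|member|client)\b", re.I)
URGENCY = re.compile(r"\b(immediately|within 24 hours|will be (closed|suspended)"
                     r"|verify your account|act now)\b", re.I)

def similarity(a: str, b: str) -> float:
    """0..1 string similarity; 'yourcompanny.com' vs 'yourcompany.com' is about 0.97."""
    return SequenceMatcher(None, a, b).ratio()

def host_of(url: str) -> str:
    """Lowercased hostname of a URL or bare domain ('' if unparsable)."""
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()

class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs: the programmatic 'hover over the link'."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def check_message(raw: str) -> list:
    """Return (tag, detail) findings for one raw RFC 5322 message; [] if clean."""
    msg = message_from_string(raw)
    findings = []
    # 1. Sender domain: unknown, or a near miss of a domain we trust.
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if sender_domain and sender_domain not in TRUSTED_DOMAINS:
        near = [d for d in TRUSTED_DOMAINS if similarity(sender_domain, d) >= 0.9]
        findings.append(("lookalike-sender", f"{sender_domain} resembles {near[0]}")
                        if near else ("external-sender", sender_domain))
    # 2. Body: gather text/plain and text/html parts (works for multipart mail too).
    html, text = "", ""
    for part in msg.walk():
        if part.get_content_type() in ("text/html", "text/plain"):
            payload = part.get_payload(decode=True).decode(
                part.get_content_charset() or "utf-8", "replace")
            if part.get_content_type() == "text/html":
                html += payload
            else:
                text += payload
    # 3. Links: visible URL text that disagrees with the real href, or external targets.
    collector = _LinkCollector()
    collector.feed(html)
    for href, shown in collector.links:
        target = host_of(href)
        if LOOKS_LIKE_URL.match(shown) and host_of(shown) != target:
            findings.append(("link-mismatch", f"shows {host_of(shown)}, goes to {target}"))
        elif target and target not in TRUSTED_DOMAINS:
            findings.append(("external-link", target))
    # 4. Wording: generic greeting and pressure to act now (subject included).
    body = text + " " + re.sub(r"<[^>]+>", " ", html)
    for tag, pattern in (("generic-greeting", GENERIC_GREETING), ("urgency", URGENCY)):
        hit = pattern.search(msg.get("Subject", "") + " " + body)
        if hit:
            findings.append((tag, hit.group(0)))
    return findings

# Constructed sample: the scenario above as a raw message.
PHISH = """\
From: IT Support <it-support@yourcompanny.com>
Subject: Action required: verify your account
Content-Type: text/html; charset=utf-8

<p>Dear user,</p><p>Verify your account now or it will be closed within 24 hours:
<a href="http://yourcompanny.com/reset">https://yourcompany.com/account</a></p>
"""

# Constructed sample of a legitimate internal notice; should produce no findings.
LEGIT = """\
From: IT Support <it-support@yourcompany.com>
Subject: Patch window Tuesday
Content-Type: text/html; charset=utf-8

<p>Hi Dana, the patch window is Tuesday evening. Details:
<a href="https://yourcompany.com/patch">https://yourcompany.com/patch</a></p>
"""
```

Running `check_message(PHISH)` yields four findings (look-alike sender, link mismatch, generic greeting, urgency) while `check_message(LEGIT)` yields none. These are heuristics for triage, not proof: a message with zero findings can still be malicious, which is why the reporting procedure below still applies whenever something feels off.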
IDENTIFYING UNUSUAL DEVICE OR NETWORK BEHAVIOR
Cyber threats often manifest through strange behaviors in systems and devices. Malware, spyware, or unauthorized access can trigger changes that, if noticed early, can prompt swift action.
Watch for:
- System lag: Devices running slower than usual without explanation.
- Pop-ups or unauthorized applications: Unexpected installations or pop-up ads appearing.
- Disabled security features: Antivirus or firewall settings changing without user input.
- Unusual network activity: Unrecognized connections, high data usage, or frequent disconnections.
- Unfamiliar accounts: New user accounts appearing without authorization.
Example Scenario:
You notice your laptop's fan running loudly and applications freezing more often than usual. A scan reveals a hidden program using system resources; investigation finds it is spyware collecting keystrokes. Each symptom on its own has innocent explanations, so the right move is to report it and let IT check, not to diagnose or clean it yourself.
SOCIAL ENGINEERING TACTICS
Social engineering involves manipulating individuals into giving away confidential information. Unlike technical attacks, it targets human psychology and trust.
Common tactics include:
- Pretexting: The attacker invents a believable story (the pretext), such as needing to "confirm your identity", to justify a request for information.
- Baiting: Offering something enticing (e.g., a free download or a dropped USB stick) that's actually malicious.
- Tailgating: Following an authorized person into restricted areas.
- Quid pro quo: Offering a service in exchange for access (e.g., fake IT support).
Example Scenario:
An individual calls the office claiming to be a vendor needing remote access to fix a billing issue. They use urgency to pressure the employee into sharing login details.
Best response:
Always verify identities through a channel you control, for example by calling the vendor back on the number in your own records rather than the one the caller gives you. Do not share credentials or grant remote access until the request has been confirmed with the person or team responsible.
HOW TO REPORT SUSPICIOUS ACTIVITIES
Reporting suspicious activity promptly ensures faster containment and investigation. Whether in a small business or a large organization, every user plays a role in maintaining security.
Internal Reporting Procedures:
- Designated security contact: Know who to report to, usually an IT administrator or security officer.
- Incident reporting forms: Use official channels to document the event.
- Screenshots and logs: Capture evidence of the suspicious behavior.
- Do not tamper: Don't delete, "clean up", or reinstall anything; leave the device or email as-is for analysis. If IT asks you to disconnect the device from the network, do that, but do not power it off unless told to, since evidence in memory is lost on shutdown.
External Reporting Agencies:
- CERT (Computer Emergency Response Team): Many countries have national CERTs for cybersecurity incidents.
- FTC (Federal Trade Commission): For U.S. consumers reporting scams, fraud, and identity theft. Cybercrime against a U.S. organization is normally reported to the FBI's Internet Crime Complaint Center (IC3).
- Local authorities: Especially for cases involving financial fraud or identity theft.
Example Scenario:
An employee receives multiple password reset emails they didn't request. They immediately notify IT, who finds a brute-force attack targeting employee accounts. The attack is mitigated before access is gained. Unrequested reset emails mean someone else is working on your account; they are worth reporting even when nothing else seems wrong.
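What IT found in the scenario above is what a basic detection rule over login records looks for. The following Python script is an added example, not from this module or any real deployment; its log line format, thresholds and sample lines are constructed. It goes a little beyond the scenario and covers three patterns: repeated failures against one account from one source (brute force), one source trying many different accounts (password spraying), and a success that follows a burst of failures, while ignoring the everyday case of one typo followed by the correct password.

```python
# Added example: windowed counting over login records to flag brute force,
# password spraying, and a success after a burst of failures. The log format,
# thresholds and sample lines are constructed; real sources (VPN, IdP, sshd)
# need their own parser but the same counting logic.
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LINE = re.compile(r"^(?P<ts>\S+) login user=(?P<user>\S+) src=(?P<src>\S+) "
                  r"result=(?P<result>success|failure)$")

WINDOW = timedelta(minutes=5)   # sliding window for all counts
FAIL_THRESHOLD = 5              # failures from one source against one account
SPRAY_THRESHOLD = 4             # distinct accounts tried from one source
SUCCESS_AFTER = 3               # failures before a success that make it suspicious

def parse(line: str):
    """Parse one constructed log line into a dict, or None if it does not match."""
    m = LINE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return ev

def _expire(q: deque, now: datetime) -> None:
    """Drop entries older than WINDOW; entries are tuples whose first item is a timestamp."""
    while q and now - q[0][0] > WINDOW:
        q.popleft()

def detect(lines):
    """Return alerts as (kind, src, user, count) tuples, in log order."""
    alerts, fired = [], set()
    per_account = defaultdict(deque)   # (src, user) -> deque of (ts,) failures
    per_source = defaultdict(deque)    # src -> deque of (ts, user) failures
    for line in lines:
        ev = parse(line)
        if ev is None:
            continue                   # unparsable line: skip it, don't crash the pipeline
        src, user, now = ev["src"], ev["user"], ev["ts"]
        acct = per_account[(src, user)]
        _expire(acct, now)
        _expire(per_source[src], now)
        if ev["result"] == "failure":
            acct.append((now,))
            per_source[src].append((now, user))
            if len(acct) >= FAIL_THRESHOLD and ("bruteforce", src, user) not in fired:
                fired.add(("bruteforce", src, user))      # alert once per source/account
                alerts.append(("bruteforce", src, user, len(acct)))
            targets = {u for _, u in per_source[src]}
            if len(targets) >= SPRAY_THRESHOLD and ("spray", src) not in fired:
                fired.add(("spray", src))
                alerts.append(("spray", src, None, len(targets)))
        else:
            # One typo then a success is normal; a success after a burst is not.
            if len(acct) >= SUCCESS_AFTER:
                alerts.append(("success-after-failures", src, user, len(acct)))
            acct.clear()
    return alerts

# Constructed sample log (RFC 5737 documentation addresses, made-up users).
SAMPLE_LOG = """\
2024-05-02T09:12:01Z login user=alice src=203.0.113.9 result=failure
2024-05-02T09:12:09Z login user=alice src=203.0.113.9 result=failure
2024-05-02T09:12:17Z login user=alice src=203.0.113.9 result=failure
2024-05-02T09:12:25Z login user=alice src=203.0.113.9 result=failure
2024-05-02T09:12:33Z login user=alice src=203.0.113.9 result=failure
2024-05-02T09:12:41Z login user=alice src=203.0.113.9 result=failure
2024-05-02T09:13:02Z login user=alice src=203.0.113.9 result=success
2024-05-02T09:15:00Z login user=bob src=198.51.100.7 result=failure
2024-05-02T09:15:03Z login user=carol src=198.51.100.7 result=failure
2024-05-02T09:15:06Z login user=dave src=198.51.100.7 result=failure
2024-05-02T09:15:09Z login user=erin src=198.51.100.7 result=failure
2024-05-02T09:20:00Z login user=bob src=192.0.2.5 result=failure
2024-05-02T09:20:15Z login user=bob src=192.0.2.5 result=success
garbage line that should be ignored
"""

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG.splitlines()):
        print(alert)
```

On the sample, `detect` raises a brute-force alert on the fifth failure against alice, then a higher-priority success-after-failures alert when the same source finally logs in (that is the case that needs an immediate password reset and session revocation, not just a block), and a spray alert for the source that tried four different accounts. Bob's single typo from 192.0.2.5 produces nothing, and the malformed line is skipped rather than aborting the run.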
BEST PRACTICES FOR HANDLING SUSPICIOUS ACTIVITY
- Stay calm: Panic can lead to errors. Assess the situation before acting.
- Don't engage with the source: Avoid clicking links or replying to suspicious messages.
- Secure your account: If you think it is compromised, change the password from a device you trust, enable multi-factor authentication, and sign out other sessions where the service allows it.
- Notify others: Inform teammates to prevent further spread.

CASE STUDIES
Case Study 1:
Phishing Attack on a Non-Profit Organization
A non-profit employee received an email that appeared to come from the executive director, asking for a list of donor email addresses. The email address looked legitimate, but the request was unusual. The employee reported it instead of complying. IT confirmed it was a spoofed email designed to gather private information.
Lesson:
If something feels off—even from someone you know—double-check.
Case Study 2:
Malware on Company Devices
A financial institution detected abnormal traffic from one employee’s workstation. Upon investigation, IT found that malware had been installed through a fake software update. The employee had dismissed multiple warnings from their antivirus software.
Lesson:
Pay attention to system warnings and never download updates from unverified sources.
CONCLUSION
Cybersecurity is not just the responsibility of IT professionals. Every user is a potential target—and also a potential first responder. Recognizing and reporting suspicious activities in a timely and effective manner can be the difference between a contained incident and a full-scale breach. With increased awareness, clear reporting procedures, and a culture of vigilance, individuals and organizations can better protect their digital assets.
QUIZ & ASSIGNMENT
Quiz
- Which of the following is NOT a common sign of a phishing email?
  a) Personalized greeting
  b) Urgent call to action
  c) Unusual sender address
  d) Poor grammar and spelling
- If you suspect malware on your system, what should you do FIRST?
  a) Restart your computer
  b) Delete the suspected file
  c) Disconnect from the internet and report it
  d) Run a disk cleanup
- What is tailgating in cybersecurity?
  a) A network tracking tool
  b) A virus that disables firewalls
  c) Unauthorized physical access by following someone
  d) Software that monitors user behavior
- Who should you report suspicious cyber activity to in your organization?
  a) Your colleague
  b) The media
  c) Your organization's security contact or IT team
  d) A software vendor
- What is the best reason to document and report all suspicious activity, even if it turns out to be harmless?
  a) To reduce workload
  b) To follow legal obligations
  c) To help build a better defense and prevent future threats
  d) To satisfy curiosity
ASSIGNMENT
Scenario Analysis: Write a one-page report analyzing the following situation:
"You receive an email claiming to be from your bank, asking you to confirm a recent transaction by clicking a link. You hover over the link and notice it redirects to an unfamiliar URL."
Your report should:
- Identify the type of threat.
- Explain the red flags you noticed.
- Describe how you would respond.
- Outline how you would report the incident in your organization.