Safe Computing — Inbox Defense
A 5-minute gamified AP CSP lesson on safe computing. Identify phishing attacks, match risks to defenses, and earn a Security Pro badge.
- Safe Computing: Inbox Defense
- Key Concepts
- Risks vs. Defenses at a Glance
- Common Risks
- Defenses
- Mini-game 1 — Inbox Triage
- Mini-game 2 — Match Risk to Defense
- Lock it in
Safe Computing: Inbox Defense
AP CSP Big Idea 5.6 · ~5 minute lesson · Risks, defenses, and phishing
Earn Security Pro Badge
2 mini-games
Exam-ready
Key Concepts
- PII (Personally Identifiable Information): Data that can identify a person — name, location, medical records, SSN, biometrics.
- Phishing: Fake messages designed to trick you into revealing private info. Look for urgency, suspicious links, and requests for credentials.
- Malware: Software built to damage or spy — keyloggers, ransomware, viruses.
- Encryption: Scrambles data so only authorized parties can read it. HTTPS encrypts web traffic.
- Multifactor Authentication (MFA): Requires 2+ forms of proof (password + phone code). A stolen password alone won't grant access.
- AP exam angle: You'll match a risk to the correct defense. A defense reduces risk — it rarely eliminates it entirely.
Risks vs. Defenses at a Glance
Common Risks
- Stolen passwords
- Phishing emails
- Public Wi-Fi snooping
- Unpatched software
- Over-sharing PII online
Defenses
- Multifactor authentication
- Verify sender before clicking
- Use HTTPS / VPN
- Install updates promptly
- Limit what you share publicly
AP tip: A defense reduces risk. It does not eliminate all risk. The exam loves this distinction.
Mini-game 1 — Inbox Triage
You just got 5 messages. For each one, decide: is it safe or phishing?
HOW TO PLAY
Read each message and click Safe or Phishing. You'll get instant feedback and a score at the end.
Mini-game 2 — Match Risk to Defense
Select a defense from the pool, then click the risk it protects against.
HOW TO PLAY
1. Click a defense chip (yellow outline appears). 2. Click the matching risk slot to place it. Green = correct, red = wrong.
Lock it in
- A website asks for your SSN to "verify your prize." Risk? (Phishing — never give PII to unverified sources)
- Why is MFA safer than a password alone? (Even if the password is stolen, the attacker lacks the second factor)
- Your friend posts their phone number publicly. What's the risk? (PII exposure — could enable identity theft or spam)