Aware 360 Pro Application

MODULE 18 — Workplace Online Safety & Professional Conduct

Aware360 Pro – Module 18: Workplace Online Safety & Professional Conduct

MODULE 18 — Workplace Online Safety & Professional Conduct

Protect your work email, reputation, company data and future career from online threats.

💼 Why Workplace Online Safety Matters

Scammers don’t just attack home users. They target workplaces, companies, charities, clubs and schools — because one successful email can unlock thousands or millions of pounds, plus sensitive data.

In this module you will learn how to:
  • Spot scams in work emails, HR messages and invoices
  • Recognise fake recruiters and LinkedIn predators
  • Protect client/staff data and HR privacy
  • Stay professional online and avoid conduct breaches

Think of this as self-defence for your job, reputation and organisation. 🛡️

🚨 The Big Workplace Threats

Online dangers at work usually fall into four big categories:

  • Work emails targeted – phishing, fake CEO messages, malware links.
  • Fake invoice scams – edited bank details, cloned suppliers.
  • HR & privacy breaches – leaked staff data, dodgy “update” forms.
  • LinkedIn predators & job phishing – fake recruiters, job offers and investors.
Tap to see the golden rule at work

Never move money or share sensitive info based on a single unexpected message.

Pause, verify on a different channel, and follow your organisation’s procedures.

👔 CEO / Manager Impersonation Simulator

One of the most expensive work scams is when criminals pretend to be a senior manager and pressure staff into sending money or data.

Scenario — “Urgent Transfer for a Secret Deal”

You receive an email that looks like it’s from your CEO, marked “URGENT & CONFIDENTIAL”. They ask you to transfer £8,500 to a new supplier account within the next 20 minutes and say you must not speak to anyone else as it could “jeopardise the negotiation”.

Key sign: Real managers respect finance procedures. Scammers try to bypass them with secrecy and urgency.

📑 Fake Invoice Detector

Invoice scams can drain huge amounts from organisations. Can you spot which invoice is more suspicious?

Invoice A

Supplier: Office Essentials Ltd
Invoice No: OE-2025-1432
Bank: UK Business Bank
Sort code: 40-11-22
Account: 12345678
Details match previous invoices on record.

Invoice B

Supplier: Office Essentials Limited
Invoice No: OE-2025-1432-NEW
Bank: UK Business Bank
Sort code: 40-11-22
Account: 87654321
Email: payments@office-essentialsltd-pay.com
Tap an invoice to see which one is more likely to be fake.
Checks that help: Compare bank details to trusted records, confirm changes with the supplier via known contacts, and watch for subtle name changes.

📨 Job Phishing & Fake Employer Messages

Scammers pose as employers or recruiters, especially via email and LinkedIn. See if you can tell which is safer.

Subject: Immediate Job Offer – No Interview Required

Dear Candidate,

We have reviewed your social profile and are pleased to offer you a remote admin role paying £48,000/year.

You do not need an interview. Simply click the link below to complete pre-employment checks and upload a copy of your passport and bank card (front and back):

http://instant-job-offer-checks.com

This link expires in 2 hours.

Subject: Invitation to Interview – Operations Assistant

Dear [Your Name],

Thank you for your application for the Operations Assistant role.

We would like to invite you to a 30-minute interview via Microsoft Teams. Please note, we will never ask you to share card PINs or full passwords. Any documents will be handled through our secure HR portal only.

Best regards,
HR Team
[Recognised Company Name]
Tap each message to see which is likely fake and why.

🤝 LinkedIn Predators & Fake Recruiters

Not every professional-looking profile is genuine. Tap each card to reveal how the trick works.

“We found your profile & want to hire you immediately.”
Real recruiters almost always arrange a call or interview and use corporate email addresses. Scammers try to move you quickly to WhatsApp or Telegram and push you toward dodgy “onboarding fees” or fake roles.
“Investor wants to discuss a special partnership.”
Fake investors may push you into schemes that require you to send money or invite your company to buy into unauthorised deals. Legitimate investors won’t rush you into secrecy or money transfers.
“We can upgrade your LinkedIn & get you high-paying roles.”
Some scammers sell fake CV rewriting or job matching. They may ask for card details or logins. Use trusted services and never share passwords.
Profile with no history but grand job titles.
Look for a work history, recommendations and mutual connections. New, empty or vague profiles claiming senior roles can be a sign of fake identities.

🧾 HR Privacy & Payroll Scams

Criminals love HR and payroll, because those teams handle names, addresses, salaries and bank details.

Scenario — “Update My Bank Details”

An email arrives in HR claiming to be from an employee, asking to update their salary bank account. The sender address is slightly different to the one on file.

Good practice: Any change to bank details should be confirmed through known channels, not just an email.

🔒 Workplace Data Privacy Wall

At work, “data” isn’t just IT talk. It’s people’s lives: salaries, addresses, medical notes, performance reviews.

Staff & client details
Keep names, addresses, phone numbers and emails within approved systems — not on random USB sticks or personal email accounts.
HR & medical notes
Extremely sensitive. Should never be shared in group chats or left on printers or open screens.
Financial & contract data
Budgets, invoices and contracts must be stored securely, not uploaded to public drives or shared with unauthorised contacts.
Login & security info
Never share passwords, one-time codes or security answers, even with colleagues. Use role-based access instead.
Think GDPR-style: Only access what you need, keep it secure, and don’t share it without a lawful, work-related reason.

📎 Malicious Attachments Mini-Game

Not all file types are equal. Some are higher risk for malware.

Which attachment would you be most careful with?

Tap each attachment type to see why some are higher risk.

✉️ Phishing Email Dissector

Tap different parts of this suspicious email to highlight red flags.

From: IT-Security-Alert@company-secure-support.com
Subject: ACTION REQUIRED – Your Work Account Will Be Disabled Dear User, We have detected unusual activity on your work account. To avoid suspension, you must confirm your password and security details immediately. Click the link below within 30 minutes or your account and email data will be permanently deleted: http://company-verify-login-security.com Regards, IT Security Team
Sender address Login link 30-minute deadline Request for password/security details
Tap each tag above to see why it’s suspicious.

🌐 Workplace WiFi & Remote Work Safety

Working from cafés, trains or home? Small mistakes can expose company data.

Public WiFi risk
Avoid logging into sensitive systems on open WiFi. If you must, use a VPN and only approved company devices.
Shoulder-surfing
People behind you can read your screen. Use privacy filters and be aware of who is nearby when handling private data.
Personal vs work devices
Personal devices may lack security tools and policies. Follow your organisation’s rules on where you can access work data.
Lock screens & timeouts
Lock your screen when away from your desk and use automatic timeouts so devices aren’t left logged in and unattended.

👩‍💻 Professional Online Conduct

What you post, comment and share can affect your job and your organisation.

Tap each example to see if it’s safe or risky:

“Fed up of this place. Management are useless and the clients are even worse. Can’t wait to leave!” (Public Facebook rant showing your workplace name.)
“Proud to be part of an amazing team delivering [project name]! Big thanks to everyone involved.” (No confidential info shared.)
Screenshot of internal email about a staff disciplinary, posted in a private group chat with friends.
Sharing client names and project details on LinkedIn without permission, to “show off” your work.
Rule of thumb: Don’t post anything you wouldn’t be comfortable reading out loud to your manager, HR and the person it’s about.

🧱 Online Bullying & Harassment at Work

Workplace harassment isn’t just face-to-face. It happens over email, group chats and social platforms too.

  • Repeated negative comments in group chats targeting one person.
  • Sharing humiliating memes or edited photos of colleagues.
  • Leaving someone out of important online conversations on purpose.
  • Using work systems to send insults, threats or abuse.
Professional conduct: Harassment and bullying can break policy and law. Save evidence, report through proper channels, and don’t join in even “as a joke”.

📘 Quick Workplace Scenarios

Swipe through realistic mini-stories. Each shows a different online risk.

✅ Your Workplace Online Safety Checklist

Use this as a quick mental review next time something feels “off” at work.

  • ☑ I never move money based only on an email or chat message.
  • ☑ I verify bank detail changes with trusted contacts.
  • ☑ I treat all urgent, secret requests as suspicious until checked.
  • ☑ I don’t share passwords or one-time codes with anyone.
  • ☑ I avoid posting about internal issues or confidential info online.
  • ☑ I lock my screen when away and keep files secure.
  • ☑ I report suspicious emails, links or behaviour to the right team.

🧪 Advanced Workplace Threat Lab

Tap a tile below to explore advanced real-world threats in a fun, bite-sized way.

Tap a topic to explore it.

In this lab you’ll see how tiny details — a header line, a QR code, a USB stick, a rushed reply — can open the door to major data breaches.

Pick any tile to see a realistic scenario, how attackers exploit it, and how you can shut it down.

🧠 Workplace Online Safety & Conduct Quiz (20 Questions)

Check your understanding of emails, HR, LinkedIn, behaviour and job scams.

Question 1 / 20

🏅 Module Complete – Workplace Safety Champion

You’ve earned the “Workplace Safety Champion” badge!
You’ve trained in work email protection, fake invoices, HR privacy, LinkedIn safety, job phishing, professional conduct and advanced threat awareness.

Remember:
  • Your actions online can protect or expose your whole organisation.
  • Pause, verify and follow procedure — even if the request looks important.
  • Professional behaviour online is part of your personal safety toolkit.

You can replay this module, use it in staff training, or move on to the next Aware360 Pro safety topic.

Useful Links
Aware 360 Pro Application
  • NEST Management Ltd
  • Unit 3.2 Wilford Business Park
  • Ruddington Lane
  • Nottingham
  • NG11 7EP
  • 01159455030

myMA Website by  NEST Management