Example:
The Email No One Opened (Until It Was Too Late)
Select the Start button to begin
Start
Select the Listen button to play the narration for this slide
Navigation
Listen
buttons
Use the following buttons to navigate through the course content
Listen
Play the audio for the current page
hOME
nEXT
PREVIOUS
Return to the previous page
Return to the course home page
Move to the next page
home
next
previous
Select the Listen button to play the narration for this slide
Listen
Hi, I’m Chloe, and I want to walk you through a cybercrime case that didn’t start with a dramatic hack. It started with something ordinary—an email that looked boring enough to ignore. And that’s exactly why it worked.
home
next
previous
Select the Listen button to play the narration for this slide.
Listen
Part I – The Situation
You work for a community health organization—something that serves real people every day. Your office isn’t huge. Budgets are tight. People wear multiple hats. Everyone is busy. You have a small IT team, maybe even one person managing security “as part of their job.”
On a Tuesday morning, a staff member in billing receives an email that looks routine: a message from a vendor about an “updated invoice.” The subject line is bland. The sender name looks familiar. The email even includes details that appear correct—like a vendor logo and language that matches past emails.
The staff member clicks the attachment. A document opens. Nothing happens. No pop-ups, no error messages. So the person shrugs and moves on. If you’re being honest, you’ve probably done the same thing at some point.
home
next
previous
Select the Listen button to play the narration for this slide.
Listen
The Situation
But behind the scenes, something happened.
The attachment wasn’t just a document. It was a delivery mechanism. It triggered a malicious script that installed a lightweight tool—quiet, fast, designed to avoid detection. It didn’t lock the files. It didn’t announce itself. It simply created a foothold.
Over the next week, the attacker does what cybercriminals often do: they move slowly. They look around. They collect credentials. They search for high-value systems. They check backups. They identify which servers matter and which people have elevated access.
Then, on Friday at 2:00 a.m., the event finally becomes visible.
home
next
previous
Select the Listen button to play the narration for this slide.
Listen
The Situation
Staff arrive in the morning and can’t access the scheduling system. The patient portal is down. Shared drives are locked. Every screen shows the same message:
“Your files have been encrypted. Pay within 72 hours or your data will be published.”
Now the organization is in crisis. Not just “IT crisis.” A human crisis.
Appointments cannot be confirmed. Patients can’t access information. Staff can’t do basic work. And because this is a health organization, there may be sensitive data involved. The pressure is intense.
home
next
previous
Select the Listen button to play the narration for this slide.
Listen
The Situation
Leadership is terrified of two things:
- Downtime and operational collapse
- The threat of public data exposure
A board member asks, “Can we just pay and make it go away?”
Another leader says, “No, paying is unethical. It funds crime.”
Another says, “But what about the people who need care? What about our obligation to restore services?”
You’re now at the center of Week 4: cyber threats become crimes, and crimes become ethical dilemmas with real stakes.
home
next
previous
Select the Listen button to play the narration for this slide.
Listen
Part II – The Shift
The incident response begins. And immediately, you face a hard truth: response under pressure reveals whether you planned.The first thing you do is stabilize:
- Isolate affected systems to prevent spread
- Preserve logs and evidence
- Identify critical services that must come back first
- Notify leadership with clear, calm facts—not speculation
Then you bring in legal counsel and, if required, notify appropriate authorities. Because once data exposure is possible, the organization may have legal obligations—especially if sensitive personal data is involved.
home
next
previous
Select the Listen button to play the narration for this slide.
Listen
Investigation
Now comes the key decision: pay or not pay. This is where cybercrime becomes both strategic and ethical. You evaluate the situation using a structured approach:
- What is the scope of encryption and exfiltration?
- Do we have clean backups?
- How fast can we restore essential services?
- Is the attacker known for honoring “decryption” promises?
- What is the risk to individuals if data is leaked?
- What are the legal and reputational implications of each choice?
home
next
previous
Select the Listen button to play the narration for this slide.
Listen
Investigation
You also recognize something critical: paying does not guarantee safety.
Even if the attacker provides a decryption key, systems can remain compromised. Attackers can lie. Data can still be sold. And paying marks you as a target for repeat attacks.
So you treat “paying” not as a solution, but as one risky option in a broader set of consequences.
Meanwhile, the criminals escalate pressure. They send a sample file as “proof” they stole data. They threaten reporters. They threaten to contact patients.
This is what cybercrime looks like in practice: it’s coercion.
home
next
previous
Select the Listen button to play the narration for this slide.
Listen
Response
So you communicate internally with discipline:
- Staff are told not to engage attackers directly
- All communication is centralized
- rumors are replaced with updates on a consistent schedule
- Clinicians are given contingency workflows
- Patients are told what services are available and what to do next
Then you do something else that matters: you treat staff with care. Because cybercrime often creates blame culture: “Who clicked?” “Who caused this?”
But blame doesn’t restore systems. Blame creates fear, and fear creates silence.
Instead, leadership emphasizes process improvement: what controls failed, what training gaps exist, what backups were insufficient, and what identity controls were weak.
The incident becomes a systems problem, not a moral failing of one employee.
home
next
previous
Select the Listen button to play the narration for this slide.
Listen
Part III – Results
Because the organization had partial backups—some clean, some outdated—you restore the most critical systems first. Operations resume in a limited way within a week, with manual workflows filling gaps. It’s painful, but it’s functioning.
You also complete a forensic review that shows how the attacker got in: the invoice email, the attachment, and a missing security control that allowed the script to execute.
home
next
previous
Select the Listen button to play the narration for this slide.
Listen
Results
In the weeks that follow, the organization implements layered defenses:
- Stronger email filtering and attachment controls
- Multi-factor authentication for privileged accounts
- Segmented networks to prevent lateral movement
- Tested backups with clear recovery timelines
- Incident response runbooks and tabletop exercises
- Clear reporting culture: “If you clicked, report immediately—no punishment for honesty.”
The impact is real: operations improve, resilience increases, and staff become more willing to report suspicious events early.
And the organization learns a hard lesson: cybercrime isn’t just a tech problem. It’s a governance, training, and resilience problem.
home
next
previous
Select the Listen button to play the narration for this slide.
Listen
Part IV – Takeaway
Here’s your Week 4 takeaway: cyber threats and crimes operate like processes with incentives—access, leverage, profit, and avoidance.
When you understand that process, you can disrupt it with layered defenses, disciplined response, and ethical decision-making that protects people—not just systems.
home
next
previous
Select the Listen button to play the narration for this slide
Listen
Congratulations!
You've successfully completed the example
home
previous
W4_LSTD517_Example
Griky Kontent
Created on February 3, 2026
Start designing with a free template
Discover more than 1500 professional designs like these:
View
Wall and Neon Infographic
View
Movies List
View
Hand-Drawn Infographic
View
Food Infographic
View
Neighborhood List
View
Volcano list
View
Pc mockup infographic
Explore all templates
Transcript
Example:
The Email No One Opened (Until It Was Too Late)
Select the Start button to begin
Start
Select the Listen button to play the narration for this slide
Navigation
Listen
buttons
Use the following buttons to navigate through the course content
Listen
Play the audio for the current page
hOME
nEXT
PREVIOUS
Return to the previous page
Return to the course home page
Move to the next page
home
next
previous
Select the Listen button to play the narration for this slide
Listen
Hi, I’m Chloe, and I want to walk you through a cybercrime case that didn’t start with a dramatic hack. It started with something ordinary—an email that looked boring enough to ignore. And that’s exactly why it worked.
home
next
previous
Select the Listen button to play the narration for this slide.
Listen
Part I – The Situation
You work for a community health organization—something that serves real people every day. Your office isn’t huge. Budgets are tight. People wear multiple hats. Everyone is busy. You have a small IT team, maybe even one person managing security “as part of their job.”
On a Tuesday morning, a staff member in billing receives an email that looks routine: a message from a vendor about an “updated invoice.” The subject line is bland. The sender name looks familiar. The email even includes details that appear correct—like a vendor logo and language that matches past emails.
The staff member clicks the attachment. A document opens. Nothing happens. No pop-ups, no error messages. So the person shrugs and moves on. If you’re being honest, you’ve probably done the same thing at some point.
home
next
previous
Select the Listen button to play the narration for this slide.
Listen
The Situation
But behind the scenes, something happened.
The attachment wasn’t just a document. It was a delivery mechanism. It triggered a malicious script that installed a lightweight tool—quiet, fast, designed to avoid detection. It didn’t lock the files. It didn’t announce itself. It simply created a foothold.
Over the next week, the attacker does what cybercriminals often do: they move slowly. They look around. They collect credentials. They search for high-value systems. They check backups. They identify which servers matter and which people have elevated access.
Then, on Friday at 2:00 a.m., the event finally becomes visible.
home
next
previous
Select the Listen button to play the narration for this slide.
Listen
The Situation
Staff arrive in the morning and can’t access the scheduling system. The patient portal is down. Shared drives are locked. Every screen shows the same message:
“Your files have been encrypted. Pay within 72 hours or your data will be published.”
Now the organization is in crisis. Not just “IT crisis.” A human crisis.
Appointments cannot be confirmed. Patients can’t access information. Staff can’t do basic work. And because this is a health organization, there may be sensitive data involved. The pressure is intense.
home
next
previous
Select the Listen button to play the narration for this slide.
Listen
The Situation
Leadership is terrified of two things:
A board member asks, “Can we just pay and make it go away?”
Another leader says, “No, paying is unethical. It funds crime.” Another says, “But what about the people who need care? What about our obligation to restore services?” You’re now at the center of Week 4: cyber threats become crimes, and crimes become ethical dilemmas with real stakes.
home
next
previous
Select the Listen button to play the narration for this slide.
Listen
Part II – The Shift
The incident response begins. And immediately, you face a hard truth: response under pressure reveals whether you planned.The first thing you do is stabilize:
Then you bring in legal counsel and, if required, notify appropriate authorities. Because once data exposure is possible, the organization may have legal obligations—especially if sensitive personal data is involved.
home
next
previous
Select the Listen button to play the narration for this slide.
Listen
Investigation
Now comes the key decision: pay or not pay. This is where cybercrime becomes both strategic and ethical. You evaluate the situation using a structured approach:
home
next
previous
Select the Listen button to play the narration for this slide.
Listen
Investigation
You also recognize something critical: paying does not guarantee safety.
Even if the attacker provides a decryption key, systems can remain compromised. Attackers can lie. Data can still be sold. And paying marks you as a target for repeat attacks.
So you treat “paying” not as a solution, but as one risky option in a broader set of consequences.
Meanwhile, the criminals escalate pressure. They send a sample file as “proof” they stole data. They threaten reporters. They threaten to contact patients.
This is what cybercrime looks like in practice: it’s coercion.
home
next
previous
Select the Listen button to play the narration for this slide.
Listen
Response
So you communicate internally with discipline:
Then you do something else that matters: you treat staff with care. Because cybercrime often creates blame culture: “Who clicked?” “Who caused this?” But blame doesn’t restore systems. Blame creates fear, and fear creates silence.
Instead, leadership emphasizes process improvement: what controls failed, what training gaps exist, what backups were insufficient, and what identity controls were weak. The incident becomes a systems problem, not a moral failing of one employee.
home
next
previous
Select the Listen button to play the narration for this slide.
Listen
Part III – Results
Because the organization had partial backups—some clean, some outdated—you restore the most critical systems first. Operations resume in a limited way within a week, with manual workflows filling gaps. It’s painful, but it’s functioning.
You also complete a forensic review that shows how the attacker got in: the invoice email, the attachment, and a missing security control that allowed the script to execute.
home
next
previous
Select the Listen button to play the narration for this slide.
Listen
Results
In the weeks that follow, the organization implements layered defenses:
The impact is real: operations improve, resilience increases, and staff become more willing to report suspicious events early.
And the organization learns a hard lesson: cybercrime isn’t just a tech problem. It’s a governance, training, and resilience problem.
home
next
previous
Select the Listen button to play the narration for this slide.
Listen
Part IV – Takeaway
Here’s your Week 4 takeaway: cyber threats and crimes operate like processes with incentives—access, leverage, profit, and avoidance.
When you understand that process, you can disrupt it with layered defenses, disciplined response, and ethical decision-making that protects people—not just systems.
home
next
previous
Select the Listen button to play the narration for this slide
Listen
Congratulations!
You've successfully completed the example
home
previous