From various forums, mailing lists, discussions and other sources (many of which exist only in my febrile imagination), herewith a bit of a compilation of mottoes that can be used as part of a security awareness campaign:
No-one in Africa wants to GIVE anyone their money or gold.
Microsoft/Google/a Russian oil magnate/VW/BMW/etc certainly does not want to GIVE anyone money/a car/etc.
A stunning Russian blonde DOES NOT want to marry you.
If it sounds too good to be true, IT IS.
A web site, Email message, IM or tweet that tells you you need to install security software IS LYING.
Just because it’s in a Google search result or an “ad by Google” does NOT mean it is safe.
If the options seem to be “Click OK/Run/Install” or “turn off the computer”, TURN OFF THE COMPUTER.
Did your friend really send you that message?
Is your friend really as smart about computer security as you think?
A. No B. Not at all C. Well and truly not D. All the above
You didn’t win the Irish lottery.
Your bank doesn’t want you to change your password.
Don’t be Phish Phood.
Pwnly Phools Phall for Phishing.
Think, THINK every click.
Need extra money? Want to work from home? Getting a job from a spammer is NOT A GOOD IDEA!!!
When did you last make a backup? Do you want to do [period of time] worth of work all over again?
Report the suspicious, not the strange.
If the bank thinks your online account has been hacked, they won’t warn you by email.
Being sociable doesn’t mean being totally open. Be careful what you disclose via social media.
If someone wants/offers to make something really easy for you, there is a way that can be used against you.
Hide your ‘cheese’ (get a router).
A patch a day keeps hackers away (keep your OS and apps up to date).
Always wear a helmet (install a firewall/antivirus package).
The great unknown ain’t so great (only use software you can trust).
Use sunscreen to prevent burns (lock down your OS and apps).
Make 007 jealous (learn to use additional security tools).
“Password” is not a password (use strong passwords).
Keep your skeletons in the closet (protect your personal data).
Don’t be a dork (be smart when you’re on-line).
Keep your dukes up (stay informed and vigilant).
Infosec is like a sewer: what you get out of it, depends on what you put into it.
Some are recently from the #InfosecMotherlyAdvice tag on Twitter:
Don’t click … it’ll get infected.
Don’t take cookies from strangers.
Idle systems are a botnet’s playground.
A backup in hand is worth two in the cloud.
While you’re connected to my network you’ll live by my firewall rule.
A backup a day keeps data loss away.
We’d better get you a bigger firewall – you’ll grow into it.
Close the security holes, you’re letting all our sensitive data out.
If your system gets compromised and crashes, don’t come emailing to me.
Always encrypt your data. you never know when you’ll have an accident.
If everybody else clicked on links in emails, would you do that too?
Either you’re inside the firewall, or outside the firewall! Don’t leave it open!
Install your patches if you want your security to grow up big and strong.
Don’t put that in your browser, you don’t know where it’s been.
Someday your bluescreen will freeze like that!
It’s all fun and games until someone loses sensitive data.
Only you can prevent Internet meltdowns.