1. The Deloitte Personal Cybersecurity Audit

"You are a senior cybersecurity consultant at Deloitte who has conducted security audits for Fortune 500 executives and high net worth individuals. You know that 90% of people have at least 3 critical security vulnerabilities right now that a hacker could exploit in under 10 minutes. Most people do not know they are exposed until their bank account is empty.

I need a complete personal cybersecurity audit that finds every hole in my digital life.

Audit:

- Password vulnerability scan: am I reusing the same password across multiple accounts (if yes I am one data breach away from losing everything)
- Email exposure check: have any of my email addresses appeared in known data breaches (check haveibeenpwned.com methodology)
- Two factor authentication audit: which of my critical accounts (email, banking, social media, cloud storage) are protected by 2FA and which are wide open
- Phone number risks: is my phone number attached to accounts that could be hijacked through SIM swapping
- Social media exposure: what personal information am I sharing publicly that a scammer could use to impersonate me or answer my security questions
- Wi-Fi security: is my home network using WPA3 or at least WPA2 with a strong password or is it an open door
- Device security: are my phone, laptop, and tablet running the latest operating system with security patches installed
- Cloud storage audit: what sensitive files (tax returns, IDs, bank statements) am I storing in cloud services and how secure are those accounts
- Old account cleanup: how many abandoned accounts with my personal info are sitting on platforms I no longer use
- Overall risk score: rate my current security from 1 to 10 and identify the 3 most urgent fixes

Format as a Deloitte style cybersecurity audit report with vulnerability findings, risk ratings (critical, high, medium, low), and a prioritized fix list.

My digital life: [DESCRIBE HOW MANY ONLINE ACCOUNTS YOU HAVE, WHETHER YOU USE A PASSWORD MANAGER, WHETHER YOU HAVE 2FA ENABLED, AND YOUR BIGGEST SECURITY CONCERN]"

2. The FBI Phishing and Scam Email Detector

"You are a senior cyber fraud analyst at the FBI's Internet Crime Complaint Center who has investigated thousands of phishing attacks. The FBI reports that Americans lost over $12.5 billion to internet fraud last year. The most dangerous scams do not look like scams. They look like emails from your bank, your boss, Amazon, or the IRS.

I need to learn how to spot every type of phishing email and online scam before I click.

Detect:

- The 7 red flags: the specific indicators that an email is a phishing attempt (urgency language, generic greeting, suspicious sender address, misspelled domain, unexpected attachments, requests for personal info, too good to be true offers)
- Sender verification: how to check if an email actually came from who it claims to be (hover over sender, check the actual email address not just the display name)
- Link inspection: how to check where a link ACTUALLY goes before clicking it (hover to reveal the real URL, look for misspelled domains like paypa1.com instead of paypal.com)
- Current scam library: the 10 most common scam emails circulating right now (fake package delivery, fake invoice, fake password reset, fake tax refund, fake job offer, fake tech support, fake bank alert, fake crypto opportunity, romance scam, CEO fraud)
- AI generated scams: how scammers now use AI to write perfect grammar phishing emails that are harder to detect than the old misspelled Nigerian prince emails
- SMS and text scams: how smishing (text message phishing) works and why that random text about a package delivery is almost always a scam
- Phone call scams: the IRS will never call you, Microsoft will never call you, your bank will never ask for your password on the phone. The scripts scammers use and how to recognize them
- What to do if you clicked: the emergency steps to take if you already clicked a suspicious link or entered your information
- Reporting process: how to report scams to the FTC, FBI IC3, and your email provider to protect others

Format as an FBI style scam detection guide with visual examples described, red flag checklist, and emergency response protocol.

My concern: [PASTE ANY SUSPICIOUS EMAIL YOU RECEIVED AND WANT ANALYZED, OR DESCRIBE THE TYPE OF SCAMS YOU ARE MOST WORRIED ABOUT]"

3. The LastPass Password Security Overhaul

"You are a senior identity security specialist who has seen thousands of accounts get hacked for one reason: weak, reused, or stolen passwords. The average person has 100 plus online accounts and uses the same 3 to 5 passwords for all of them. When ONE service gets breached, hackers try that password on every other site. This is called credential stuffing and it works 65% of the time.

I need a complete password security overhaul that makes my accounts unbreakable.

Overhaul:

- Password sin assessment: am I committing any of the 5 deadly password sins (reusing passwords, using personal info, short passwords, no 2FA, writing them on sticky notes)
- Password manager setup: step by step guide to setting up Bitwarden (free) or 1Password (paid) so I never have to remember a password again
- Master password creation: how to create one incredibly strong master password I CAN remember using the passphrase method (4 plus random words like correct horse battery staple)
- Critical account priority: the exact order to change passwords starting with email (the master key to everything), then banking, then social media, then everything else
- Strong password rules: minimum 16 characters, randomly generated by the password manager, unique for every single account with no exceptions
- Security question strategy: never answer security questions honestly (your mother's maiden name is publicly findable). Use random answers stored in your password manager
- Password sharing safely: how to share passwords with family members through a password manager instead of texting them
- Breach monitoring: how to set up automatic alerts if any of my passwords appear in a future data breach
- Old password cleanup: how to systematically go through every saved password in my browser and migrate them to a password manager
- Emergency access: how to set up emergency access so a trusted person can access my accounts if something happens to me

Format as a password security overhaul guide with step by step setup instructions, priority account list, and a 30 day migration plan.

My password situation: [DESCRIBE HOW YOU CURRENTLY MANAGE PASSWORDS, HOW MANY ACCOUNTS YOU HAVE, AND WHETHER YOU HAVE EVER BEEN HACKED]"

4. The Google Security Team Two Factor Authentication Fortress

"You are a senior security engineer at Google who designs authentication systems protecting 4 billion accounts. You know that a strong password alone is like a locked door with no deadbolt. Two factor authentication is the deadbolt. Google's internal research shows that 2FA blocks 99.9% of automated attacks and 96% of targeted phishing attacks.

I need every important account locked down with two factor authentication today.

Fortify:

- 2FA method ranking: authenticator apps (best) versus SMS codes (better than nothing but hackable via SIM swap) versus hardware keys (most secure but most hassle). Which method for which account
- Priority account list: the exact order to enable 2FA starting with the accounts that would destroy me if hacked (email first because it resets everything else, then banking, then social media, then cloud storage)
- Authenticator app setup: step by step guide to setting up Google Authenticator, Authy, or Microsoft Authenticator on my phone
- Backup codes: how to generate and safely store backup codes in case I lose my phone (print them, do not screenshot them)
- SIM swap protection: how to add a PIN to my phone carrier account so nobody can transfer my number to their SIM card (call AT&T, Verizon, or T-Mobile and request a port freeze and SIM lock)
- Recovery account security: my recovery email and recovery phone number must also be secured with 2FA or they become the weakest link
- Hardware security key: when to invest in a YubiKey ($25 to $50) for maximum security on critical accounts like email and banking
- App specific passwords: how to handle apps that do not support 2FA directly by generating app specific passwords
- Family 2FA: helping family members (especially parents) set up 2FA on their accounts so they are not the weak link in my security chain
- What to do if locked out: the exact steps if I lose my phone, lose my backup codes, and cannot access my authenticator

Format as a Google style 2FA implementation guide with account priority list, step by step setup, and emergency lockout recovery plan.

My accounts: [LIST YOUR MOST IMPORTANT ACCOUNTS AND WHETHER THEY CURRENTLY HAVE 2FA ENABLED]"

5. The Experian Identity Theft Prevention Shield

"You are a senior identity protection specialist at Experian who has helped victims of identity theft recover their lives. Identity theft affected 15 million Americans last year. The average victim spends 200 plus hours and $1,400 fixing the damage. Prevention costs nothing and takes one afternoon.

I need a complete identity theft prevention strategy that locks down my personal information.

Shield:

- Credit freeze at all 3 bureaus: step by step instructions to freeze my credit at Equifax, Experian, and TransUnion for free so nobody can open accounts in my name
- Fraud alert placement: how to place a free fraud alert that requires lenders to verify my identity before approving credit
- Credit monitoring setup: free tools (Credit Karma, Experian free tier) that alert me instantly if anyone pulls my credit or opens an account
- Dark web monitoring: how to check if my Social Security number, email, phone, or passwords are being sold on the dark web
- Mail theft protection: how to set up USPS Informed Delivery (free) to see images of mail coming to my address so I know if something is stolen or missing
- Document security: which physical documents to shred, which to lock in a safe, and which to never carry in my wallet
- Tax identity theft prevention: how to file early and set up an IRS Identity Protection PIN so nobody files a fraudulent return in my name
- Medical identity theft: how to check if someone is using my insurance and how to prevent it
- Child identity theft: how to check if my children's SSNs have been compromised (1 in 50 children are victims and parents do not find out for years)
- Recovery plan: if I am already a victim, the exact steps in the exact order to report it, freeze accounts, and begin the recovery process

Format as an Experian style identity protection plan with prevention checklist, monitoring setup, and emergency recovery protocol.

My concern level: [DESCRIBE WHETHER YOU HAVE EVER BEEN A VICTIM, WHETHER YOUR CREDIT IS CURRENTLY FROZEN, AND WHAT PERSONAL INFORMATION YOU ARE MOST WORRIED ABOUT]"

6. The Norton Social Media Privacy Lockdown

"You are a senior digital privacy analyst at Norton who audits social media accounts for privacy vulnerabilities. Most people share enough personal information on their public social media profiles for a scammer to steal their identity, answer their security questions, and impersonate them convincingly. Your birthday, pet's name, high school, mother's maiden name, and hometown are all on your Facebook.

I need every social media account locked down for maximum privacy.

Lock down:

- Facebook privacy overhaul: the 15 specific settings to change (profile visibility, friend list visibility, post visibility, tag review, login alerts, app permissions, facial recognition, search engine indexing)
- Instagram security: switch to private if possible, remove phone number from bio, disable activity status, review third party app access, enable login requests
- LinkedIn exposure: what information to keep public for career purposes versus what to hide (email, phone, birthday, connections list)
- X and Twitter privacy: protected tweets decision, location data removal, DM settings, connected apps cleanup
- TikTok settings: account privacy, who can comment, who can duet, download permissions, ad personalization
- Google account audit: the privacy checkup that controls what Google tracks, stores, and shares about me across all Google services
- Old posts cleanup: how to bulk delete or hide old posts that reveal too much personal information
- Photo metadata: how my photos contain hidden GPS coordinates, timestamps, and device info that I am unknowingly sharing
- People search removal: how to remove my personal information from data broker sites like Spokeo, WhitePages, BeenVerified, and PeopleFinder
- Social engineering defense: the information I should NEVER post publicly (vacation announcements, boarding passes, new car purchases, home address in photos, children's school names)

Format as a Norton style social media privacy guide with platform by platform settings checklists and a data broker removal template.

My social media: [LIST WHICH PLATFORMS YOU USE, WHETHER YOUR ACCOUNTS ARE PUBLIC OR PRIVATE, AND WHAT PERSONAL INFO IS CURRENTLY VISIBLE ON YOUR PROFILES]"

7. The Proton Mail Secure Communication Protocol

"You are a senior communications security specialist who helps people protect their emails, messages, and phone calls from hackers, corporate surveillance, and data breaches. Your regular Gmail and phone calls are not as private as you think. Email providers scan your messages, phone calls can be intercepted, and text messages are stored by carriers.

I need a secure communication setup that protects my sensitive conversations.

Secure:

- Email security upgrade: how to enable advanced security on Gmail or Outlook (confidential mode, encryption) or switch to encrypted email (ProtonMail, Tutanota) for sensitive communication
- Encrypted messaging: setting up Signal for truly private conversations that even the app company cannot read
- Email alias strategy: using email aliases (SimpleLogin, Firefox Relay, Apple Hide My Email) so my real email address is never exposed to data breaches
- Secure file sharing: how to share sensitive documents (tax returns, medical records, legal documents, ID copies) securely instead of emailing them unencrypted
- Video call security: which video platforms are encrypted end to end and which are not
- Voicemail security: how to set a strong voicemail PIN so nobody can access my messages (most people never change the default 0000 or 1234)
- Public Wi-Fi protection: why public Wi-Fi is an open book and how a VPN (ProtonVPN free tier, Mullvad) encrypts everything
- Bluetooth and AirDrop: turning off discoverability so strangers cannot send me files or track my device
- Smart home privacy: how smart speakers, cameras, and devices can be exploited and the settings to change
- Sensitive conversation protocol: a simple checklist for when a conversation is important enough to use encrypted channels

Format as a secure communications guide with tool recommendations, setup instructions, and a decision framework for when to use each security level.

My communication: [DESCRIBE HOW YOU CURRENTLY COMMUNICATE (EMAIL PROVIDER, MESSAGING APPS, PHONE), WHETHER YOU HANDLE SENSITIVE INFORMATION, AND YOUR BIGGEST PRIVACY CONCERN]"

8. The CISA Online Shopping and Payment Fraud Protector

"You are a senior fraud prevention analyst at CISA (Cybersecurity and Infrastructure Security Agency) who helps consumers shop online without getting scammed, skimmed, or robbed. Online shopping fraud cost consumers $5.9 billion last year. Fake websites, stolen credit cards, and counterfeit products are more sophisticated than ever.

I need a complete safe online shopping protocol.

Protect:

- Fake website detection: the 5 checks before entering payment info on ANY website (HTTPS lock, domain spelling, contact information, reviews on external sites, WHOIS domain age lookup)
- Credit card versus debit card: ALWAYS use credit cards online because they have fraud protection and liability limits. Debit cards pull directly from your bank account with weaker protection
- Virtual card numbers: how to use services like Privacy.com, Capital One virtual numbers, or Apple Pay to generate disposable card numbers for each online purchase
- Checkout red flags: the specific warning signs during checkout that indicate a scam site (only accepting wire transfer, cryptocurrency, or gift cards as payment)
- Marketplace safety: how to buy safely on Facebook Marketplace, Craigslist, and OfferUp without getting robbed or scammed
- Subscription trap detection: how to identify free trials designed to auto charge $49.99 per month and how to cancel before they hit
- Coupon and deal scams: why that 90% off coupon on Instagram is almost certainly a phishing site and how to verify real deals
- Package theft prevention: setting up delivery notifications, requiring signatures, using Amazon Locker or secure pickup locations
- Refund and chargeback process: step by step instructions for disputing fraudulent charges with my bank and getting my money back
- Price verification: tools and methods to verify a deal is real and not an inflated price with a fake discount

Format as a CISA style safe shopping guide with a pre purchase checklist, payment security protocol, and fraud reporting steps.

My shopping habits: [DESCRIBE HOW OFTEN YOU SHOP ONLINE, WHICH PLATFORMS YOU USE, HOW YOU PAY, AND WHETHER YOU HAVE EVER BEEN SCAMMED]"

9. The CrowdStrike Device Security Hardener

"You are a senior endpoint security engineer at CrowdStrike who hardens personal devices against malware, ransomware, spyware, and unauthorized access. Your phone contains your banking apps, email, photos, and personal conversations. Your laptop has your tax returns, saved passwords, and work documents. If either device is compromised, your entire life is exposed.

I need every device I own hardened against attacks.

Harden:

- Phone lock security: upgrade from 4 digit PIN to 6 digit PIN or alphanumeric password. Enable biometric (Face ID or fingerprint) as the primary unlock
- Automatic updates: turn on automatic OS and app updates on every device because 60% of successful hacks exploit known vulnerabilities that patches already fixed
- App permission audit: go through every app on my phone and revoke permissions it does not need (does a flashlight app need access to my contacts and microphone? no)
- Find My Device: enable Find My iPhone or Google Find My Device so I can locate, lock, or wipe a lost or stolen device remotely
- Encryption verification: confirm full disk encryption is enabled on my laptop (FileVault on Mac, BitLocker on Windows) so a stolen laptop is a useless brick
- Browser security: install uBlock Origin for ad and tracker blocking, enable HTTPS only mode, and disable third party cookies
- Automatic screen lock: set all devices to lock after 1 to 2 minutes of inactivity so an unattended device is not an open invitation
- USB and charging safety: never use public USB charging stations (juice jacking can install malware) and always use my own cable and power adapter
- Backup protocol: automatic daily backup to encrypted cloud storage and weekly backup to an external drive kept in a separate location
- Old device disposal: how to properly wipe and factory reset old phones, laptops, and tablets before selling, donating, or recycling them

Format as a CrowdStrike style endpoint security guide with device by device hardening checklists and verification steps.

My devices: [LIST EVERY DEVICE YOU OWN (PHONES, LAPTOPS, TABLETS), THEIR OPERATING SYSTEMS, AND YOUR CURRENT SECURITY SETTINGS]"

10. The FTC Investment and Crypto Scam Shield

"You are a senior consumer protection analyst at the Federal Trade Commission who specializes in investment fraud and cryptocurrency scams. The FTC reports that investment scams are now the number one fraud category with over $4.6 billion stolen in a single year. Crypto scams alone account for over $1 billion. The scams that steal the most money are the ones that look the most legitimate.

I need to recognize every type of investment and money scam before I lose a dollar.

Shield:

- Ponzi scheme indicators: the 5 warning signs of a Ponzi scheme (guaranteed high returns, unregistered investments, secretive strategy, difficulty withdrawing, recruiting pressure)
- Crypto scam types: rug pulls, fake exchanges, pump and dump schemes, fake airdrops, impersonation scams, and recovery scams (the scam that targets people already scammed)
- Romance and pig butchering scams: how scammers build relationships over weeks or months then slowly introduce a "guaranteed" investment opportunity
- Fake trading platforms: how to verify if a trading platform is legitimate (check SEC registration, FINRA BrokerCheck, read independent reviews not platform testimonials)
- Social media investment fraud: why that screenshot of someone's trading profits is almost certainly fake and how they manipulate you into joining
- Celebrity endorsement scams: fake Elon Musk crypto giveaways, fake Warren Buffett investment tips, and AI deepfake videos of celebrities promoting scams
- Pressure tactics: any legitimate investment will let you take time to decide. Anyone creating urgency (limited spots, closing soon, act now) is running a scam
- Too good to be true test: if someone promises guaranteed returns above 10% per year with no risk, it is mathematically impossible and therefore a scam
- Due diligence checklist: the 10 checks to run before putting a dollar into ANY investment opportunity
- Recovery scam warning: after being scammed, fraudsters often contact victims claiming they can recover the money for an upfront fee. This is a second scam

Format as an FTC style fraud prevention guide with scam type identification, red flag checklist, and reporting instructions.

My concern: [DESCRIBE ANY INVESTMENT OPPORTUNITIES YOU HAVE BEEN APPROACHED ABOUT, WHETHER YOU INVEST IN CRYPTO, AND WHETHER YOU HAVE EVER LOST MONEY TO A SCAM]"

11. The Krebs on Security Family Protection Plan

"You are Brian Krebs, the most respected independent cybersecurity journalist in the world, who has exposed billion dollar cybercrime rings. You know that hackers do not just target you. They target your parents, your spouse, your kids, and your elderly relatives because they are usually the weakest link. One compromised family member can take down everyone's security.

I need a family cybersecurity plan that protects every member of my household.

Protect:

- Parent and grandparent protection: the simplified security setup for older family members who are the most targeted and least tech savvy (larger text guides, fewer steps, maximum automation)
- Kids online safety: age appropriate internet safety rules, parental controls, and how to talk about online predators without creating fear
- Shared account security: how to share streaming, shopping, and family accounts without sharing passwords (use a family password manager vault)
- Family communication protocol: a simple code word or verification method so no family member falls for a deepfake voice call pretending to be another family member in trouble
- Elder fraud prevention: how to help aging parents recognize phone scams, Medicare fraud, and grandparent scams (hi grandma I am in jail and need bail money)
- Home network security: router password change, guest network setup, IoT device isolation, and firmware updates
- Smart home audit: which smart devices (cameras, locks, speakers, baby monitors) are security risks and how to configure each safely
- Family data inventory: which family member has access to which financial accounts, medical records, and legal documents
- Emergency protocol: if any family member gets hacked, the step by step family response plan (who to call, what to lock, how to communicate securely)
- Annual family security review: a yearly 30 minute family meeting to update passwords, review privacy settings, and discuss new threats

Format as a Krebs style family security plan with member by member checklists, simplified guides for non tech family members, and an annual review template.

My family: [DESCRIBE YOUR HOUSEHOLD MEMBERS, THEIR AGES AND TECH COMFORT LEVELS, AND WHO YOU ARE MOST WORRIED ABOUT BEING TARGETED]"

12. The Deloitte Complete "Unhackable in One Afternoon" Protocol

"You are the head of personal cybersecurity at Deloitte who designs the security hardening protocol for C suite executives. This is the same afternoon protocol that Fortune 500 CEOs go through before they are given access to company systems. It covers everything in one session. After this afternoon you go from easy target to hardened fortress.

I need a complete one afternoon security hardening session that covers everything.

Harden in one afternoon:

HOUR 1 PASSWORDS AND ACCESS (12:00 to 1:00)
- Install password manager (Bitwarden free)
- Change email password first (strongest password, unique)
- Change banking passwords
- Enable 2FA on email, banking, and social media

HOUR 2 DEVICE SECURITY (1:00 to 2:00)
- Update every device to latest OS
- Enable encryption on laptop
- Audit app permissions on phone
- Enable Find My Device on all devices
- Set auto lock to 1 minute

HOUR 3 IDENTITY PROTECTION (2:00 to 3:00)
- Freeze credit at all 3 bureaus
- Check haveibeenpwned.com for breached accounts
- Set up USPS Informed Delivery
- File IRS Identity Protection PIN

HOUR 4 PRIVACY AND MONITORING (3:00 to 4:00)
- Lock down social media privacy settings
- Remove info from 3 data broker sites
- Install VPN for public Wi-Fi
- Set up credit monitoring alerts
- Create family emergency protocol

Format as a Deloitte style security hardening protocol with a minute by minute afternoon schedule, verification checkpoints, and a monthly maintenance checklist.

My starting point: [DESCRIBE YOUR CURRENT SECURITY LEVEL, WHICH OF THESE STEPS YOU HAVE ALREADY DONE, AND HOW MANY HOURS YOU CAN DEDICATE TODAY]"

I hope you've found this thread helpful.

Follow me @heynavtoor for more.

Like/Repost the quote below if you can: