Unlock hundreds more features
Save your Quiz to the Dashboard
View and Export Results
Use AI to Create Quizzes and Analyse Results

OR
Sign inSign in with Facebook
Sign inSign in with Google
Quizzes > Computers & IT

Phishing Quiz with Answers: Spot Email Scams and Stay Safe

Quick phishing awareness test: 15 real email scenarios, instant results and answers.

Editorial: Review CompletedCreated By: Carlos MarionUpdated Aug 26, 2025
Difficulty: Moderate
Questions: 20
Learning OutcomesStudy Material
Colorful paper art depicting elements related to Phishing Awareness Quiz

This phishing quiz helps you spot fake emails, risky links, and urgent requests before you click. Tackle 15 quick, real-world scenarios with instant feedback to strengthen your judgment. For broader practice, try the phishing and 2fa quiz, build scam-spotting skills with the scam awareness quiz, and sharpen workplace messages with the email etiquette test.

What is a common red flag in phishing emails?
Encrypted link to secure website
Email sent from official corporate domain
Personalized name matching account record
Generic greeting such as "Dear Customer"
Generic greetings are often used by phishers to address mass recipients and lack personalization. This indicates the sender may not know the recipient personally and is a common tactic in phishing.
Which of the following actions should you take when you receive an unexpected email attachment?
Open the attachment immediately to see its contents
Scan the attachment with antivirus software before opening
Forward the attachment to your personal email
Delete the email without any further steps
Scanning attachments with updated antivirus software helps detect malicious payloads before exposing your system. It prevents accidental execution of malware embedded in unsolicited files.
If hovering over a hyperlink in an email shows a different URL than the displayed text, this is a sign of:
A legitimate affiliate link
A mismatched link or URL spoofing
A shortened URL from a trusted service
A secure link redirection
When the shown text and actual hyperlink destination differ, it indicates URL spoofing commonly used in phishing to deceive users. Verifying the real link helps prevent redirecting to malicious sites.
Phishing emails often create a sense of urgency. Which example best illustrates this tactic?
"Your account statement is ready for review."
"Happy birthday from our team!"
"Your account will be closed within 24 hours unless you verify your information."
"Reminder: Meeting scheduled tomorrow at noon."
Threatening account closure within a tight timeframe pressures recipients to act quickly without careful thought. This urgency tactic is a classic phishing method to bypass rational analysis.
What is the first recommended step when you suspect an email may be a phishing attempt?
Move the email to your personal folder
Reply asking for verification
Report or flag the email to your IT or security team
Click the links to see where they lead
Reporting suspected phishing emails to the appropriate IT or security team allows experts to investigate and protect others. It is critical not to interact with the email further to prevent accidental compromise.
You receive an email from support@micr0soft.com claiming to be Microsoft. What aspect of this email is most suspicious?
The sender's email domain using a number instead of a letter
The email is addressed to your full name
The presence of a signature at the bottom
The use of an official company logo
The domain "micr0soft.com" replaces the letter "o" with a zero, indicating a look-alike domain designed to deceive recipients. Legitimate companies use their correct domain spellings in official communications.
A phishing email contains a link shortened by a URL shortening service. Which approach is safest to verify its destination?
Copy the shortened link and paste it into a URL expander tool
Forward the link to a coworker without checking
Reply to the sender asking for the full URL
Click the shortened link and see where it leads
Using a URL expander tool reveals the actual destination without visiting potentially malicious sites. This helps you assess the link's safety before taking any action.
Which email authentication protocol helps verify the sending domain and prevent spoofing?
DMARC
FTP
POP3
HTTPS
DMARC (Domain-based Message Authentication, Reporting & Conformance) builds upon SPF and DKIM to instruct receivers how to handle unauthenticated mail. It prevents domain spoofing by enforcing authentication policies.
A targeted phishing attack that uses personal details about the recipient to appear legitimate is known as:
Vishing
Spear phishing
Whaling
Spamming
Spear phishing customizes messages using information about individuals or organizations, increasing the likelihood of success. This contrasts with general phishing that casts a wide net without personalization.
You receive an invoice from a known supplier, but the amount is unusually high. What is the best way to confirm its authenticity?
Forward the invoice to colleagues without verification
Pay immediately to avoid late fees
Call the supplier using a known phone number, not one provided in the email
Reply to the sender asking for a discount
Contacting the supplier through a verified phone number ensures you're communicating with the legitimate party. This step prevents payment to fraudulent accounts set up by attackers.
Why is enabling multi-factor authentication (MFA) effective against phishing?
It requires a second verification factor beyond just a password
It encrypts all email content
It blocks all incoming phishing emails automatically
It hides the user's email address from senders
MFA adds an extra layer of security by requiring additional proof of identity, such as a one-time code, reducing the risk even if credentials are compromised. Phishers cannot access accounts without the second factor.
Before opening an unexpected PDF attachment, which step most helps prevent malware infections?
Rename the file to a .txt extension
Open it on your work computer immediately
Upload it to an online antivirus scanner or sandbox environment
Forward it to friends to see if they trust it
Uploading attachments to a sandbox or antivirus scanning service analyzes the file in an isolated environment without risking your system. This identifies malicious behavior before you open the file.
An email that appears to come from a CEO requesting urgent fund transfers to a vendor is an example of which attack?
Phishing
Pharming
Spoofing
Whaling
Whaling specifically targets high-level executives or employees by impersonating authority figures to authorize large transactions. It is a type of spear phishing aimed at senior personnel.
To inspect where an email hyperlink goes without clicking, you can:
Disable images in the email client
Press Ctrl+F on the link
Forward the email to yourself and click in draft mode
Right-click the link and select "Copy link address" to view it
Copying the link address reveals the actual URL in plain text, allowing you to analyze it for suspicious domains or file types before visiting. This method avoids accidental navigation to malicious pages.
What is the primary function of SPF in email security?
To scan attachments for malware
To provide a quarantine for spam emails
To encrypt email content during transit
To specify which mail servers are authorized to send emails on behalf of a domain
SPF (Sender Policy Framework) publishes authorized sending IPs in DNS, enabling receivers to verify that incoming mail from a domain originates from permitted servers. This helps reduce spoofed email delivery.
Reviewing an email header shows a "Received" entry from an IP address not associated with the sender's mail server. What does this indicate?
The sender used a VPN for privacy
The email was auto-forwarded from another folder
The message was delivered securely via TLS
The email was routed through an unexpected or malicious server
A "Received" header from an unrecognized IP suggests the message passed through an unauthorized server, often used by attackers to mask origin. Authentic emails usually traverse known mail gateways.
In a suspicious email, the "Reply-To" address differs from the "From" address. This discrepancy most likely means:
The email client has formatting issues
The sender uses a mailing list service
The recipient can reply to multiple addresses
Replies will go to a different, potentially malicious, account
A mismatched "Reply-To" field directs responses to a separate address controlled by the attacker. This tactic captures replies even when the "From" appears legitimate.
Which configuration can an organization enforce to block emails from domains failing SPF checks?
Set DMARC policy to "p=quarantine" or "p=reject"
Enable email forwarding to personal accounts
Disable SMTP authentication for incoming mail
Use POP3 instead of IMAP
A strict DMARC policy instructs receivers to quarantine or reject emails that fail SPF or DKIM authentication. This prevents spoofed messages from reaching users.
Your organization wants to proactively detect phishing domains that impersonate its brand. Which approach is most effective?
Only allow emails from free public email services
Monitor new domain registrations using threat intelligence feeds
Block all incoming emails from outside the company's country
Disable SPF and DKIM checks on inbound mail
Monitoring domain registration data and threat intelligence alerts enables early identification of lookalike domains. This allows brand protection teams to take down malicious sites before widespread abuse.
An email link points to "xn--exmple-cua.com" when inspecting the punycode domain. What phishing technique does this represent?
URL shortening
Cross-site scripting
Homograph attack using Internationalized Domain Name (IDN) spoofing
Malware obfuscation
Punycode domains like "xn--exmple-cua.com" exploit visually similar characters to mimic legitimate domains, known as homograph attacks. This IDN spoofing tricks users into clicking on fraudulent links.
0
{"name":"What is a common red flag in phishing emails?", "url":"https://www.quiz-maker.com/QPREVIEW","txt":"What is a common red flag in phishing emails?, Which of the following actions should you take when you receive an unexpected email attachment?, If hovering over a hyperlink in an email shows a different URL than the displayed text, this is a sign of:","img":"https://www.quiz-maker.com/3012/images/ogquiz.png"}

Learning Outcomes

  1. Identify common phishing email tactics and red flags.
  2. Analyze suspicious messages to determine authenticity.
  3. Apply best practices for secure email handling.
  4. Evaluate links and attachments for potential threats.
  5. Demonstrate understanding of reporting phishing attempts.

Cheat Sheet

  1. Recognize Common Phishing Tactics - Phishers love to create a sense of emergency, using urgent language like "Act now!" or threats of account suspension. They may dangle an irresistible deal or warning to make you click without thinking. Always take a moment to breathe, read slowly, and question the hype before diving in.
  2. Identify Red Flags in Emails - Keep an eye out for generic greetings, awkward phrasing, or spelling mistakes - they're like neon signs pointing to a phishing attempt. Unexpected attachments or links with weird URL structures are also classic giveaways. Developing a sixth sense for these quirks can save you from a lot of headaches.
  3. Verify Sender Information - Always double-check the sender's email address; phishers often spoof real domains or slip in extra letters and numbers. If it looks off or unfamiliar, don't trust it at face value. When in doubt, call or message the sender through a known channel to confirm.
  4. Hover Over Links Before Clicking - Hovering your mouse (or long-press on mobile) reveals the true destination URL - no click required. If the link shows a strange domain or mismatch, bail out immediately. This tiny habit is a powerful shield against sneakily malicious redirects.
  5. Be Wary of Unexpected Attachments - Clicking on attachments from unknown senders is like opening a treasure chest - you never know if it holds gold or malware. Even if a friend seems to have sent it, confirm with them first before downloading. Playing it safe saves you from infectious surprises.
  6. Understand Social Engineering Techniques - Phishers are part psychologists; they exploit emotions like fear, curiosity, and trust to trick you. Learning common tricks - such as impersonating authority figures or offering fake rewards - gives you a mental checklist to spot scams. Knowledge is your superpower in the fight against manipulation.
  7. Implement Strong Email Security Practices - Turn on multi-factor authentication (MFA) for an extra lock on your online accounts - passwords alone aren't enough these days. Keep your devices and apps updated to patch security holes and stay one step ahead of phishers. Regularly reviewing your email settings helps you catch weird forwarding rules or auto-forwards.
  8. Report Phishing Attempts - When you see a suspicious email, don't just delete it - report it to your IT team or use the built-in "Report Phishing" button. Swift reporting can protect others in your organization from the same threat. You'll be a cybersecurity hero by helping stop the scam in its tracks.
  9. Educate Yourself Continuously - Phishing tactics evolve faster than your favorite meme trends, so stay updated through webinars, blogs, and practice drills. The more you learn, the harder it becomes for scammers to catch you off guard. Turning education into a habit builds a strong defense over time.
  10. Trust Your Instincts - Your gut feeling is often right - if something feels off or too amazing to be real, pause and verify. When in doubt, pick up the phone or visit the official website directly instead of clicking. A moment of caution can save you hours of stress later.
Make a Quiz (FREE) Copy & Edit This Quiz Create a Quiz with AI

Technology Quizzes

Powered by: Quiz Maker