Sonicwall Phishing Quiz

Over 90% of today’s data breaches start with a phishing attack. Can you spot when you’re being phished?

Test your ability to identify fraudulent emails and see how susceptible you really are to social engineering and phishing scams.
The SonicWall Phishing Quiz uses real examples from some of the most common phishing email attacks. Take the test and reveal your Phishing IQ today.

Take the Quiz
Back

Doodle asked you to verify your email address

How the Quiz Works

1. Read the question.

Previous
Back

Doodle asked you to verify your email address

How the Quiz Works

2. Using your mouse to hover over buttons, pay attention to indications on whether it is a Legitimate or Phishing email.

Previous
Back

Doodle asked you to verify your email address

When you’re ready

How the Quiz Works

3. Once you’re done investigating, choose Phishing or Legitimate.

Previous
Back
Back
Question: 1/10

You’ve received a pricing inquiry!

Failed DHL Delivery

It’s time to update your Office 365 password

Confirm your account with Doodle

You're invited to join a webcast!

Current procurement information for Sonicwall INC.

2: qa-Partnership | 7:4

Microsoft Subscription Expiry

Bill 22427 from Steven Murphy Electrical Contractors Pty Ltd is due

Your credit card payment is due on Aug 7

Question Summary:

Answered Correctly

Email Question Title Lorem Ipsum Dolor

You Said: Phishing
Answered Incorrectly

Email Question Title Lorem Ipsum Dolor

You Said: Legitimate
Answered Correctly

Email Question Title Lorem Ipsum Dolor

You Said: Phishing
Answered Incorrectly

Email Question Title Lorem Ipsum Dolor

You Said: Legitimate
Answered Correctly

Email Question Title Lorem Ipsum Dolor

You Said: Phishing
Answered Incorrectly

Email Question Title Lorem Ipsum Dolor

You Said: Legitimate
Answered Correctly

Email Question Title Lorem Ipsum Dolor

You Said: Phishing
Answered Incorrectly

Email Question Title Lorem Ipsum Dolor

You Said: Legitimate
Answered Correctly

Email Question Title Lorem Ipsum Dolor

You Said: Phishing
Answered Incorrectly

Email Question Title Lorem Ipsum Dolor

You Said: Legitimate

Incorrect

This is a phishing attempt! This email is imitating a business partner in an attempt to get you to click a malicious link.

This is actually a phishing email. Be cautious about hyperlinks and attachments you open from emails – they may direct you to malicious websites designed to get you to share sensitive information.

1. MISSPELLED WORDS

While it is not unusual for a real email to have some spelling errors, this particular email has too many misspelled words and grammatical errors for a professional email.

Next

2. NO RECIPIENT NAME

Legitimate emails usually address the recipient by their name.

Next

3. OUTDATED LOGOS

A legitimate email would not use an outdated Microsoft Excel logo.

Next

4. SUSPICIOUS URL

This lengthy URL is not an official Microsoft website.

Incorrect

Good catch! This is a phishing email.

That answer is incorrect. This was a complicated phish!

1. UNUSUAL DATE FORMAT

Dates without punctuation or an unusual format can be an indication of a phishing attempt.

Next

2. SUSPICIOUS URL

The hackers are trying to hide the URL with realistic display text. The actual hyperlink is not to a DHL website.

Next

3. ODD EMAIL FORMAT

The overall formatting of the email looks odd and not very professional.

Incorrect

Great job spotting this phishing attempt!

Whoops! That answer is incorrect. This email is a phishing attempt.

1. SENDER EMAIL ADDRESS

The sender’s email address is not a Microsoft email address or from your own company domain.

Next

2. POOR QUALITY LOGOS

The Office 365 logo is poor quality which may indicate this is an imitation.

Next

3. SUSPICIOUS URLs

The “Retain Present Credentials” link goes to an unfamiliar website, not a Microsoft domain.

Incorrect

This is a legitimate Doodle email communication!

This is a legitimate Doodle email communication.

1. CORRECT DOODLE INFORMATION

The Doodle email address uses the real doodle.com domain and the physical address is also correct.

Next

2. EMAIL RECIPIENT IS EXPECTING THIS EMAIL FROM DOODLE

This recipient recently signed up for a Doodle account and was expecting to receive this email to confirm their email address.

Next

3. LEGITIMATE URL

The URL is a legitimate, secure link to "doodle.com".

Incorrect

Well done! You correctly identified this as a phishing email!

This is a phishing email.

1. LOOK-ALIKE DOMAINS

Threat actors register look-alike domains to impersonate well-known companies. www.usagov-businessops.us seems like it may be a legit URL, however some quick research shows that www.usaopps.com is the real domain for Government Bid Opportunities.

Next

2. COPYRIGHT YEAR

In the email footer, the legal copyright shows as “2018”. Official company emails, especially those from government organizations are unlikely to have an email footer that is several years out of date.

Incorrect

Well done! You correctly identified this as a phishing email!

This is a phishing email.

1. UNKNOWN SENDER

An email from someone you know is likely safe, however, use caution when opening an email from an unknown sender who may wish to harm your computer or scam you.

Next

2. GENERIC GREETING

Phishing emails commonly use generic salutations such as “Dear Account Holder” or “Dear customer” rather than using the recipient’s name. If a company you deal with required information about your account, the email would call you by name and probably direct you to contact them via phone or log into your account directly on their website.

Next

3.NO ATTACHMENTS OR LINKS

Sophisticated BEC attacks don’t need attachments or links to cause financial damage. While attachments or links can lead to wire fraud where an attacker reroutes payment by sending a false bank account number, natural language processing which detects tone, sentiment and context of emails is also key in preventing attacks that don’t contain an obvious attachment or link. SonicWall’s Cloud App Security prevents the most advanced threats and protects more than just email, learn more.

Incorrect

Well done! You correctly identified this as a phishing email!

This is a phishing email.

1. GRAMMATICAL ERRORS

The email starts with a grammatical error in the subject line and there are many more throughout.

Next

2. SUSPICIOUS URLs

The hackers are trying to hide the URL with realistic display text. The actual hyperlinks in these emails point to third-party URLs, unrelated to any Microsoft website.

Incorrect

You have recognized that this is a valid email.

Incorrect! This is a legitimate email from a vendor requesting payment for services rendered.

1. CLEAN, PROFESSIONAL LOOKING EMAIL

Notice there are no misspelled words, grammatical errors, or punctuation errors in the email.

Next

2. LEGITIMATE URLs

The invoice URL points to a legitimate website used for invoicing and payments.

Next

3. NO SCARE TACTICS

Unlike most phishing attempts, this email does not try to scare the recipient into clicking on a link immediately.

Next

4. RECOGNIZED VENDOR

Most importantly, if you recognize a vendor name, and know that you are expecting to receive an invoice or email communication from them, it is likely that the email is legitimate. Watch out for invoices from unsolicited vendors as these may be fraudulent.

Incorrect

You have recognized that this is a legitimate email.

This is a legitimate email.

1. CLEAN, PROFESSIONAL LOOKING EMAIL

Notice there are no misspelled words, grammatical errors, or punctuation errors in the email.

Next

2. LEGITIMATE URLs

All of the links in the URL point to a recognized website domain.

Next

3. RECOGNIZED VENDOR

If you recognize a vendor name, and know that you are expecting to receive an invoice or email communication from them, it is likely that the email is legitimate. Watch out for invoices from unsolicited vendors as these may be fraudulent.

115,537

Tests taken so far

Take the Quiz:

Evaluate a series of emails to identify potentially “phishy” elements. Hover over links and buttons to investigate the full details.

Cast Your Vote:

Test your knowledge by answering “Phishing” or “Legitimate”. Can you tell what’s fake?

Learn Why:

Identifying phishing can be harder than you think. Check your results and learn more about each phishing attempt.