Unlock hundreds more features
Save your Quiz to the Dashboard
View and Export Results
Use AI to Create Quizzes and Analyse Results

Sign inSign in with Facebook
Sign inSign in with Google

Take the Email Phishing Awareness Quiz

Evaluate Email Phishing Threats with Real-World Scenarios

Difficulty: Moderate
Questions: 20
Learning OutcomesStudy Material
Colorful paper art depicting elements related to Email Phishing Awareness Quiz

Ready to test your email-based phishing detection skills? This Email Phishing Awareness Quiz is perfect for professionals, students, and anyone wanting to strengthen their security awareness. You'll navigate realistic scenarios and learn to spot malicious emails before they strike. All questions are fully editable in our intuitive editor, so you can tailor the quiz to your audience's needs. Explore more Phishing Awareness Quiz, dive into Email Security Awareness Quiz, or browse related quizzes to expand your training library.

Easy
Which of the following is a common characteristic of a phishing email?
Contains a sense of urgency
Always uses your full legal name
Includes only official company letterhead
Sent from a colleague you know personally
Phishing emails often use urgency to trick recipients into acting without thinking. Legitimate emails rarely pressure you to respond immediately.
What type of file attachment is most likely to be malicious in a phishing email?
.txt
.exe
.pdf
.jpg
Executable files (.exe) can run malicious code on your system. Other file types like .jpg or .txt are less likely to directly execute malware.
When hovering over a hyperlink in an email reveals a different URL, this indicates:
A legitimate link
A secure website
A phishing attempt
An internal resource
A mismatch between link text and the actual URL is a common trick used in phishing to hide malicious destinations. Legitimate senders normally have consistent link display and target.
Which element in an email greeting can signal a phishing attempt?
Generic greeting like 'Dear Customer'
Including a department name
Using your personal name
Mentioning a known project
Phishing emails often use generic greetings because the attacker does not know individual recipient names. Genuine organizations usually address you by your actual name.
Poor grammar and spelling in email content often indicate:
An official bank notification
A high-quality marketing message
A phishing email
A secure transactional message
Attackers frequently make spelling or grammatical errors in phishing emails due to lack of professional editing. Legitimate organizations typically proofread communications carefully.
Medium
Which email header field is most useful for verifying the actual source server of a message?
Received
Reply-To
To
Subject
The Received header shows the path and servers that handled the message, helping to verify the true origin. Other headers like Subject or To do not provide routing information.
If an SPF check for an incoming email passes, it means:
The DKIM signature is valid
The attachment is scanned
The sending IP is authorized by the domain owner
The email is safe to open
A passing SPF check indicates the IP address that sent the email is listed in the domain owner's SPF record. It does not guarantee content safety or DKIM validation.
A mismatch between a link's display text and its actual URL typically suggests:
An internal intranet link
A shortened URL service
A secure https page
A phishing link
Phishers often disguise malicious URLs under innocent-looking link text. Genuine messages rarely hide the true web address behind misleading text.
Before opening an unexpected attachment, you should:
Scan it with antivirus software
Forward it to everyone
Download it on a mobile device
Reply to sender for more info
Scanning attachments with antivirus helps detect known malware. Forwarding or opening blindly increases risk and does not verify safety.
What is the first step you should take when you suspect an email is a phishing attempt?
Click the links to verify
Delete your email account
Report it to your security team
Send a reply asking for details
Reporting suspected phishing to the security team allows experts to analyze and block threats. Clicking links or replying may expose you to risk.
Which practice helps protect against credential phishing?
Using multi-factor authentication
Using simple passwords
Disabling antivirus software
Sharing credentials over email
Multi-factor authentication adds an extra verification step, making it harder for attackers to use stolen credentials. Simple passwords or sharing credentials undermine security.
Spear phishing attacks differ from generic phishing because they:
Originate from trustworthy domains
Are personalized with target information
Use mass email blasts
Never include links
Spear phishing uses details like name, role, or project to build trust with specific targets. Generic phishing typically uses broad, untargeted messages.
Which DNS-based policy helps organizations instruct email servers on how to handle unauthenticated messages?
DMARC
MX record
CNAME record
TXT record for SPF
DMARC builds on SPF and DKIM to specify handling of unauthenticated emails. While SPF uses a TXT record, DMARC provides policy instructions.
Which of the following is a safe way to verify a suspicious link?
Manually typing the known website URL into the browser
Downloading the link as a file
Copy-pasting it into a chat
Clicking the link directly
Typing a trusted URL directly ensures you reach the legitimate site without redirection through a malicious link. Clicking directly risks visiting a fraudulent page.
A ZIP attachment asking you to enable macros is likely:
A customer satisfaction survey
A malicious phishing tactic
A standard security update
A company newsletter
Macros in attachments are a common vector for malware delivery. Legitimate updates rarely require enabling macros in archived documents.
Hard
In a raw email header, which 'Received' line should you trust to identify the originating IP address?
Any Received header at random
The top-most Received header
The one immediately after 'Subject'
The bottom-most Received header
The bottom-most Received header represents the first server that accepted the connection, revealing the origin IP. Headers above are added later in the delivery chain.
Which combination of protocols provides the strongest email authentication framework?
SPF, DKIM, and DMARC together
SMTP and FTP
HTTP and TLS
POP3 and IMAP
SPF, DKIM, and DMARC work together to verify sender authorization, message integrity, and handling policies. Other protocols listed do not address email spoofing in this way.
Homograph attacks exploit similarities in:
Subject line metadata
Unicode characters in URLs
Plain text email bodies
File names in attachments
Homograph attacks use look-alike characters from different scripts to create deceptive URLs. This can trick users into trusting malicious domains that appear legitimate.
During a phishing simulation, a user reports a suspicious email. Which method should be used to preserve forensic evidence?
Reply confirming legitimacy
Delete it immediately
Forward the email with full headers to the security team
Print screen without headers
Forwarding the email with full headers preserves routing and origin details for forensic analysis. Deleting or printing without headers loses critical information.
Whaling attacks specifically target:
High-profile executives or stakeholders
Newsletter subscribers
Random email addresses
Lower-level staff only
Whaling is a type of spear phishing aimed at top-level executives or decision-makers. Attackers focus on high-value targets for greater payoff.
0
{"name":"Which of the following is a common characteristic of a phishing email?", "url":"https://www.quiz-maker.com/QPREVIEW","txt":"Easy, Which of the following is a common characteristic of a phishing email?, What type of file attachment is most likely to be malicious in a phishing email?","img":"https://www.quiz-maker.com/3012/images/ogquiz.png"}

Learning Outcomes

  1. Identify common characteristics of phishing emails
  2. Analyze email headers for suspicious elements
  3. Evaluate links and attachments for potential threats
  4. Demonstrate proper reporting procedures for phishing attempts
  5. Apply best practices to avoid phishing scams
  6. Master strategies to enhance email security awareness

Cheat Sheet

  1. Recognize Common Phishing Indicators - Spot sneaky emails demanding immediate action, weird attachments, or bland greetings like "Dear User" that scream trouble. Train your eyes to hunt down typos, funky punctuation, or sender addresses that just don't add up. These warning signs are your first line of defense. Vanderbilt Phishing Guide
  2. Analyze Email Headers for Suspicious Elements - Dive into the technical side by inspecting email headers to see if the "From" address matches the actual source. Look for odd routing information or mismatched domains that hint at a clever impersonator. It's like reading the fine print on a treasure map. IU Phishing Tips
  3. Evaluate Links Before Clicking - Hover over links to reveal the true destination - and watch out for sly misspellings or strange domains. If the URL doesn't match what you expect or lacks "https," think twice before you click. A little caution here can save you from a digital minefield. Stanford Phishing Safety
  4. Be Cautious with Attachments - Attachments from unknown senders can sneak in malware faster than you can say "oops." Always double-check with the sender via a separate channel if something feels off. Treat unexpected files like mystery packages - you wouldn't open a random box on your doorstep, right? UWGB Phishing Awareness
  5. Understand Social Engineering Tactics - Phishers use fear, excitement, or false authority to tug at your emotions and rush your decisions. By recognizing these psychological tricks, you'll be less likely to fall for urgent-sounding scams. Stay savvy so you can spot the puppet strings. Social Engineering Paper
  6. Implement Strong Password Practices - Craft unique, complex passwords like mini-passphrases that only you can remember. Change them regularly and never reuse the same key for multiple locks. It's like having a different secret handshake for every club you join. IU Phishing Education
  7. Enable Two-Factor Authentication (2FA) - Add an extra shield by requiring a second form of verification - text code, authenticator app, or a hardware token. Even if a hacker cracks your password, they'll be stopped at this next hurdle. It's the digital world's version of double-locked doors. Stanford Phishing Safety
  8. Stay Informed About Phishing Trends - Phishing tricks are always evolving, so keep your knowledge fresh by reading up on the latest scams. Subscribe to security newsletters or follow credible blogs to stay ahead of crafty attackers. Knowledge is your superhero cape in the fight against fraud. Harvard Phishing Awareness
  9. Report Phishing Attempts - Think of yourself as a cyber guardian: if you spot a suspicious email, flag it to your IT team or designated security officer. Your quick action can protect the whole community. Together, we're stronger than any scammer. UConn Phishing Education
  10. Participate in Phishing Awareness Training - Hands-on exercises and simulated attacks sharpen your skills in a safe environment. The more you practice, the faster you'll recognize real threats in your inbox. Consider it a fun quiz that keeps your digital defenses top-notch. Harvard Phishing Awareness
Powered by: Quiz Maker