Unlock hundreds more features
Save your Quiz to the Dashboard
View and Export Results
Use AI to Create Quizzes and Analyse Results

Sign inSign in with Facebook
Sign inSign in with Google

Take the Phishing and Scam Awareness Quiz

Sharpen Your Fraud Detection and Security Skills

Difficulty: Moderate
Questions: 20
Learning OutcomesStudy Material
Colorful paper art illustrating a Phishing and Scam Awareness Quiz.

Ready to sharpen your online safety skills with a fun, interactive challenge? This Phishing and Scam Awareness Quiz guides learners to recognise deceptive tactics and strengthen digital vigilance. Ideal for employees, students, or anyone keen on fraud prevention, participants will gain practical insights and actionable tips. Plus, the quiz is fully editable in our quizzes editor for customised training. For focused practice, also check out the Phishing Awareness Quiz or explore more with the Online Scam Awareness Quiz .

Which of the following is a common red flag indicating an email might be a phishing attempt?
A generic greeting like "Dear Customer"
A personalized salutation using your full name
A message from your known colleague
An email containing only text without links
Generic greetings like "Dear Customer" are often used by attackers to address many recipients without personalization. A legitimate sender usually uses your full name or other personal details.
When you receive an unsolicited email with a link, what is the safest first action?
Hover over the link to view the actual URL
Reply asking the sender to verify their identity
Delete the email without checking further
Click the link to see the content
Hovering over a link reveals the real destination without clicking. This helps you verify the URL's safety before interacting.
What is a telltale sign of a suspicious email attachment?
An unexpected .exe or .scr file
A document with a .docx extension from a known colleague
A PDF file from a trusted vendor
An image file with a .jpg extension
Executable attachments, such as .exe or .scr files, can conceal malware. Receiving unexpected executables is a strong red flag for phishing or malware.
Which practice helps protect against phishing by strengthening account security?
Using the same password on multiple sites
Enabling two-factor authentication
Turning off automatic updates
Sharing passwords with trusted friends
Enabling two-factor authentication adds a second verification step, reducing the risk if a password is compromised. This practice significantly strengthens account security.
How should you report a suspected phishing email within an organization?
Forward it to the IT or security team
Reply to the sender asking for their identity
Post about it on a public forum
Ignore it without alerting anyone
Forwarding suspicious emails to your IT or security team allows them to investigate and take action. Proper reporting ensures potential threats are handled appropriately.
What is spear phishing?
A general email sent to many recipients
A targeted phishing attack using personal information
Phishing conducted via phone calls
Malware downloaded from compromised websites
Spear phishing attacks use personal or organizational details to craft highly targeted messages. They are more convincing and dangerous than broad phishing attempts.
What is smishing?
Phishing via SMS or text messages
Phishing via voice calls
Phishing through social media
Phishing via email attachments
Smishing refers to phishing attempts conducted via SMS or text messages. Attackers use these messages to trick recipients into clicking malicious links or divulging sensitive data.
Which of the following is a secure practice when creating passwords?
Using "password123" for easy recall
Including symbols, numbers, and uppercase letters
Reusing old passwords across accounts
Writing passwords on a sticky note
Strong passwords include a mix of symbols, numbers, and uppercase letters, making them harder to guess or crack. Avoiding reuse and simple patterns further enhances security.
Why is it dangerous to click on shortened URLs from unknown sources?
They are always safe
They hide the final destination
They always lead to government websites
They cannot contain malware
Shortened URLs mask the final destination, making it impossible to verify where they lead. They are often used by attackers to disguise malicious sites.
What social engineering technique involves creating a scenario to gain a victim's trust?
Phishing
Vishing
Pretexting
Tailgating
Pretexting involves inventing a believable scenario to manipulate individuals into revealing information. It relies on building trust through fabricated stories.
How can you verify that a website uses a secure connection?
URL begins with "http://"
Browser shows a padlock icon and "https://"
The page has high-resolution images
It loads faster than other sites
HTTPS with a padlock icon indicates that the connection is encrypted with TLS. This protects data in transit from interception or tampering.
What is the purpose of sandboxing suspicious email attachments?
Increase email load speed
Execute code in a controlled environment
Send attachments to colleagues
Block attachments permanently
Sandboxing allows potentially harmful attachments to execute in a controlled, isolated environment. This prevents malware from affecting your main system while you analyze it.
Which indicator might suggest a website is part of a phishing scam?
Legitimate company branding
Misspellings in the domain name
Use of a verified security seal
Well-structured navigation menus
Misspelled or slightly altered domains are common in phishing scams to trick users. Checking the domain for typos helps detect fraudulent websites.
When receiving a suspicious voicemail claiming to be from your bank, what is best practice?
Call the number provided in the voicemail immediately
Delete all voicemails from unknown numbers
Contact the bank using official phone numbers
Share the voicemail on social media for advice
Contacting the organization using official phone numbers ensures you speak with legitimate representatives. This avoids interacting with spoofed caller IDs that scammers use.
What is the risk of downloading free software from unverified third-party sites?
It often contains built-in antivirus tools
It might install adware or malware
It always improves system performance
It never affects your privacy
Free software from unverified sources can contain adware or malware bundled with the installer. Always download from official sites or trusted repositories to minimize risk.
Which DNS record type is commonly used to publish a domain's DMARC policy?
MX
A
TXT
SRV
DMARC policies are published in DNS TXT records under the _dmarc subdomain. Mail servers reference these records to determine how to handle unauthenticated messages.
What is a homograph attack in the context of domain-based phishing?
Using social media platforms for phishing
Registering domains with visually similar characters
Sending phishing links over phone calls
Embedding malware within document files
A homograph attack registers domains that use visually similar characters to mimic legitimate sites. This exploits the fact that users may not notice the subtle character differences.
Which method provides the strongest protection against account compromise?
SMS-based two-factor authentication
Email-based one-time codes
Hardware security keys
Complex passwords without two-factor authentication
Hardware security keys leverage cryptographic protocols that resist phishing and man-in-the-middle attacks. They provide stronger protection than SMS or app-based two-factor codes.
Which resource is the FBI's official platform for reporting internet-related crimes, including phishing?
APWG
IC3.gov
Powwow.net
Better Business Bureau
The Internet Crime Complaint Center (IC3) is an FBI-affiliated portal for reporting cybercrimes such as phishing. It directs complaints to the appropriate law enforcement agencies.
What is the most secure approach to analyze a suspicious executable email attachment?
Open it directly on your work computer
Upload it to a public forum for advice
Use an isolated virtual machine or sandbox environment
Scan it after opening
Using an isolated virtual machine or sandbox environment prevents malware from affecting your primary operating system. This secure approach allows safe analysis of suspicious executables.
0
{"name":"Which of the following is a common red flag indicating an email might be a phishing attempt?", "url":"https://www.quiz-maker.com/QPREVIEW","txt":"Which of the following is a common red flag indicating an email might be a phishing attempt?, When you receive an unsolicited email with a link, what is the safest first action?, What is a telltale sign of a suspicious email attachment?","img":"https://www.quiz-maker.com/3012/images/ogquiz.png"}

Learning Outcomes

  1. Identify common phishing email red flags
  2. Analyse scam techniques across various platforms
  3. Evaluate suspicious links and attachments effectively
  4. Demonstrate best practices for secure online behavior
  5. Apply strategies to safeguard personal information
  6. Master steps to report phishing and scam attempts

Cheat Sheet

  1. Recognize Common Phishing Email Red Flags - Watch out for messages that pressure you to act now, use vague salutations, or have chopped-up sentences. Scammers love hiding bad links in attachments, hoping you'll click without thinking. Take a moment to vet their story before trusting. Seven Ways to Identify a Phishing Scam
  2. Understand Social Engineering Tactics - Phishers often pretend to be authority figures or create fake "limited time" deals to force you into a panic. By spotting these mind games - like appeals to authority, scarcity, or social proof - you gain the upper hand. Knowledge is power when it comes to dodging digital cons. Social Engineering: Penetration Testing and Human Manipulation
  3. Evaluate Suspicious Links Carefully - Never just click on a link - hover to reveal the real URL beneath! If it has extra characters, weird domain names, or mismatched text, steer clear and type the known address manually. A quick check can save you from malware nightmares. How to Spot a Phishing Email
  4. Be Cautious with Unexpected Attachments - Attachments from strangers might contain viruses or malware ready to cause chaos on your device. Always confirm the sender's identity and scan files with antivirus software before opening them. When in doubt, delete or quarantine the file. Phishing Email Red Flags to Watch For
  5. Maintain Strong, Unique Passwords - Mixing uppercase, lowercase, symbols, and numbers makes passwords tougher to crack. Reusing passwords across multiple sites is like leaving the same key under every doormat - risky! Create a unique passphrase for each account to keep intruders out. Cyber Red Flags
  6. Enable Two-Factor Authentication (2FA) - Adding a second verification step - like a text code or authentication app - amps up your defenses even if a hacker guesses your password. It's an effortless upgrade that can stop takeover attempts in their tracks. Unlock ultimate account protection with 2FA! Cyber Red Flags
  7. Regularly Update Software and Systems - Developers patch vulnerabilities all the time, so keeping apps and your operating system up to date is key. Automatic updates are your digital best friend - never miss a critical fix. A fully patched system greatly reduces attack windows. Cyber Red Flags
  8. Educate Yourself on Different Scam Techniques - Phishing isn't limited to email; it can strike via text messages, phone calls, and social media DMs. Studying various scam methods turns you into a scam-spotting superhero. Knowledge and practice make perfect! Know These Red Flags to Avoid Phishing Scams
  9. Safeguard Personal Information - Oversharing birthdays, addresses, or pet names online can hand scammers clues to impersonate you. Review your privacy settings and think twice before posting personal details. Keep your digital footprint minimal and secure. Social Engineering Red Flags
  10. Know How to Report Phishing Attempts - Spot a suspicious email? Report it to your IT team or use your email client's "Report Phishing" button to help block future attempts. Sharing intel helps protect your friends and colleagues. Your quick action keeps the internet safer for everyone! Phishing Red Flags
Powered by: Quiz Maker