Online quiz tests phishing knowledge
Think you can spot the difference between a legitimate e-mail and a phishing scam sitting in your in-box? According to one security vendor, many people can't.
The SonicWall Phishing and Spam IQ Quiz presents a series of e-mails that may or may not be from PayPal, Wells Fargo, the IRS, and others. Test takers must decide whether each e-mail is a phishing attempt or legitimate, or provide no answer. Afterward, a score card is presented, and if any questions were missed, there's an opportunity to see why: a page opens up identifying the clues that should have told you a given e-mail was probably bogus.
According to SonicWall, only 59.4 percent of test takers so far this year have been able to properly identify a legitimate e-mail, compared with 77.8 percent of the test takers in 2004. And this year, only 7.4 percent of test takers were able to correctly identify and categorize every e-mail they were presented.
The good news is that people are better at spotting a likely phishing scam. This year 86.1 percent caught the scam, as opposed to only 69.2 percent in 2004.
Real or fake? By taking the test, you can test your ability to spot a phishing scam.
(Credit: SonicWall)
As CNET's resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security. Listen to his podcast at securitybites.cnet.com or e-mail Robert with your questions and comments. 






And I didn't get faked out once by the scams.
worked at various ISPs, too. I've seen a lot of scams and have had a lot sent to me, which have always wound up being sent off and reported to the legit entity, so they can help better protect others.
I've had friends get caught by phishing scams, in spite of my attempts to educate them on how to determine if something's legit or not...and at one point, I think I cleared over 1000 viruses and spyware items off a chum's laptop...and then wound up reimaging it after writing zeros to the hard drive...
I think the link to this quiz is going to be a mandatory 'forward' to some of them!
- by SnowCrash8 November 21, 2008 1:08 PM PST
- 10 of 10 Correct. Amazed at this, as one or two with a clickable link I thought could be bogus.
I am against the use of clickable links in e-mail, as well as using provided telephone numbers in the message. In just about every instance, in particular dealing with sensitive information, the user should open up a new web page and go to the website, log in, and then take any action--if there really is anything to be done (i.e. the received message was legit.). As for phone contact, get the phone number from an independent trusted source. The fake phishing mail might not have clickable links, but if you call the ph.no. they provide in the message and then give away sensitive info. over the phone the exploit has worked just the same.