November 21, 2008 8:18 AM PST

Online quiz tests phishing knowledge

Posted by Robert Vamosi

Think you can spot the difference between a legitimate e-mail and a phishing scam sitting in your in-box? According to one security vendor, many people can't.

The SonicWall Phishing and Spam IQ Quiz presents a series of e-mails that may or may not be from PayPal, Wells Fargo, the IRS, and others. Test takers must decide whether each e-mail is a phishing attempt or legitimate, or they can give no answer. Afterward, a score card is presented, and if any questions were missed, there's an opportunity to see why: a page opens identifying the clues that should have told you a given e-mail was probably bogus.

According to SonicWall, only 59.4 percent of test takers so far this year have been able to properly identify a legitimate e-mail, compared with 77.8 percent of the test takers in 2004. And this year, only 7.4 percent of test takers were able to correctly identify and categorize every e-mail they were presented.

The good news is that people are better at spotting a likely phishing scam. This year 86.1 percent caught the scam, as opposed to only 69.2 percent in 2004.

Real or fake? By taking the test, you can test your ability to spot a phishing scam.

(Credit: SonicWall)
As CNET's resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security. Listen to his podcast at securitybites.cnet.com or e-mail Robert with your questions and comments.
12 comments
by phineasfogg November 21, 2008 9:15 AM PST
Cannot take test, does not recognize my mouse clicks for answer or for selecting "next question". Using Safari 3.2 on Mac OS 10.5.5
by techman21 November 21, 2008 9:51 AM PST
Tell Sonicwall, not CNET.
by sythara November 21, 2008 10:06 AM PST
get a PC.
by kuselj November 21, 2008 10:12 AM PST
You can find the test at: http://www.sonicwall.com/phishing/
by whiterabbit--2008 November 21, 2008 10:48 AM PST
Same setup, works fine for me.

And I didn't get faked out once by the scams.
by pruebas_100 November 21, 2008 9:36 AM PST
same here...
by sythara November 21, 2008 10:06 AM PST
get a PC
by ice82 November 21, 2008 9:50 AM PST
damn.. only got 50% right.
by Niniri November 21, 2008 10:48 AM PST
I scored 100% on this. Then again, I've been in the IT end of life for many years, having also worked at various ISPs, too. I've seen a lot of scams and have had a lot sent to me, which have always wound up being sent off and reported to the legit entity, so they can help better protect others.

I've had friends get caught by phishing scams, in spite of my attempts to educate them on how to determine if something's legit or not...and at one point, I think I cleared over 1000 viruses and spyware items off a chum's laptop...and then wound up reimaging it after writing zeros to the hard drive...

I think the link to this quiz is going to be a mandatory 'forward' to some of them!
by gerrrg November 21, 2008 11:42 AM PST
Me too, I scored 10 out of 10, but I'm not an IT person...just been using computers for 20 years, tho.
by PrettyStuzz November 21, 2008 12:38 PM PST
9/10, I guessed phishing but the answer sheet said legitimate. My decision relied on this combined illiteracy and typo: "If your statement recently generated it may be 30 days or less before you receive the email notfication." So, if someone got 10/10, I think they got 9/10 also.
by SnowCrash8 November 21, 2008 1:08 PM PST
10 of 10 Correct. Amazed at this, as one or two with a clickable link I thought could be bogus.

I am against the use of clickable links in e-mail, as well as using provided telephone numbers in the message. In just about every instance, in particular dealing with sensitive information, the user should open up a new web page and go to the website, log in, and then take any action--if there really is anything to be done (i.e. the received message was legit.). As for phone contact, get the phone number from an independent trusted source. The fake phishing mail might not have clickable links, but if you call the ph.no. they provide in the message and then give away sensitive info. over the phone the exploit has worked just the same.