How many questions are in this quiz?

This quiz has 107 questions covering phishing via email, SMS, and phone calls.

Is there a timer on the questions?

No. The quiz has no timer, so you can take your time to evaluate each scenario.

What answer format does the quiz use?

Every question is multiple-choice with 4 options, focused on practical phishing detection decisions.

How do I choose question count and difficulty?

Use the start panel to set how many questions you want and select a difficulty level that matches your goal.

What topics are covered besides suspicious links?

You’ll see impersonation, urgency tactics, credential and OTP theft, invoice scams, and caller verification techniques.

Phishing detection: emails, SMS, and calls

About this quiz

What you’ll practice

Phishing isn’t just “bad links”—it’s pressure, impersonation, and tiny inconsistencies across email, texts, and calls. You’ll practice spotting social engineering tactics, suspicious requests, and risky click paths in everyday situations.

Each question uses 4 options and there’s no timer, so you can slow down and reason through clues like sender details, wording, urgency, and verification steps.

Difficulty and question settings

Difficulty is mixed on purpose: some items are obvious “too good to be true,” while others mimic convincing business messages and support calls. Choose your question count and difficulty before starting to tailor a quick refresher or a longer skills session.

Common pitfalls to avoid

Many people focus only on the link, but attackers often win with context and emotion. Watch for subtle mismatches, unusual payment or login requests, and “helpful” callers who try to keep you from verifying independently.

Trusting display names instead of checking the actual sender address/number
Clicking shortened or lookalike URLs without verifying the destination
Falling for urgency, fear, or authority pressure (“act now,” “account locked”)
Sharing one-time codes, passwords, or remote-access approval during calls
Assuming internal-looking messages are safe without secondary verification

How to improve fast

Treat every scenario like a mini playbook: pause, verify through a known channel, and report when appropriate. Over time you’ll recognize patterns—pretexting, credential harvesting, and “invoice” traps—across all three channels.