Spot the Phish


Did you know?

More than three-quarters of organizations say their employees aren’t good at spotting suspicious emails.

43% of breaches involved small business victims.

93% of all data breaches start with an email attack.

Can you spot the difference between spear phishing and legitimate emails?

Spot the legitimate email
- Round 1 of 7:

Select the email you believe to be legitimate.

survey_image
survey_image
Next Question

This content is neither endorsed, nor sponsored, nor affiliated with Amazon. Amazon is the registered owner of logos and trademarks. This content is for educational purposes only.

Spot the legitimate email
- Round 2 of 7:

Identify the legitimate website in a sea of ‘spoofs.’

Next Question

This content is neither endorsed, nor sponsored, nor affiliated with PayPal. PayPal is the registered owner of logos and trademarks. This content is for educational purposes only.

Spot the legitimate email
- Round 3 of 7:

Select the email you believe to be legitimate.

survey_image
survey_image
Next Question

This content is neither endorsed, nor sponsored, nor affiliated with PayPal. PayPal is the registered owner of logos and trademarks. This content is for educational purposes only.

Spot the legitimate email
- Round 4 of 7:

Select the email you believe to be legitimate.

survey_image
survey_image
Next Question

This content is neither endorsed, nor sponsored, nor affiliated with Google. Google is the registered owner of logos and trademarks. This content is for educational purposes only.

Spot the legitimate email
- Round 5 of 7:

Identify the legitimate website in a sea of ‘spoofs.’

Next Question

Spot the legitimate email
- Round 6 of 7:

Select the email you believe to be legitimate.

survey_image
survey_image
Next Question

This content is neither endorsed, nor sponsored, nor affiliated with H&R Block. H&R Block is the registered owner of logos and trademarks. This content is for educational purposes only.

Spot the legitimate email
- Round 7 of 7:

Select the email you believe to be legitimate.

survey_image
survey_image
Next Question

This content is neither endorsed, nor sponsored, nor affiliated with Amazon. Amazon is the registered owner of logos and trademarks. This content is for educational purposes only.

You scored 0/7

What did you miss?

Download our ‘Top Tips for Spotting Phishing Emails’ and share them with your customers! We offer two files, one for you to use with the Barracuda brand and another for you to rebrand as you like.

Fill the form to access the downloads

5 TIPS FOR SPOTTING A PHISHING EMAIL (PDF) 5 TIPS FOR SPOTTING A PHISHING EMAIL (REBRANDABLE)

Did you know, phishing emails are improving everyday, so find out how Barracuda MSP can keep you and your customers safe from phishing attacks with Barracuda Phishline. Click here to take a demonstration today.

Round 1

  1. Be mindful of incorrect grammar in subject lines.
  2. Make sure the email is coming from a legitimate email address. Most scammers will use various emails addresses that have no relevance to the company they are trying to impersonate.
  3. A genuine email will normally reference an order number or tracking code in the subject line
  4. If you are not addressed directly on the email, chances are that this is a mass email, targeting multiple people at once.
  5. Always hover over links before clicking them. This will allow you to see if they lead to a legitimate site or not.

Round 2

d. https://www.paypal.com/us/webapps/mpp/pay-online

D is the correct answer. At a quick glance, any of these can seem legitimate, but if you look closely you can see the difference. One way you can narrow down your choices is looking for https. PayPal uses personal information and requires extra security, so it will always be https:// instead of just http://. However, A is spelled incorrectly, instead of PayPal you will be going to PayApl.

Anything before the forward slash is where you will be taken. Just because it says .com, doesn’t mean that the URL stops there, in B and C you are going to a different site that isn’t PayPal. This is how phishing scams catch you!

Round 3

  1. Make sure that email is coming from a legitimate email address. Most scammers will use various email addresses that have no relevance to the company they are trying to impersonate.
  2. If you are not addressed directly on the email, chances are that this is a mass email that is targeting multiple people at once.
  3. When receiving an email in relation to making a payment, make sure you recognize the person/company name, and that it is the amount you are expecting to pay.
  4. Be aware of ‘receipt’ emails that show the amount paid without a relevant currency symbol. This is a phishing email that is targeting more than one country or region.
  5. If links look suspicious, contact the company directly to check the authenticity before proceeding.

Round 4

  1. Be mindful of incorrect grammar in subject lines.
  2. Be cautious of emails coming from people you don’t know, especially if they are requesting you click a link.
  3. If links look suspicious, contact the person directly to check the authenticity before proceeding.
  4. Look for a disclaimer. Most legitimate emails have a disclaimer at the bottom of their emails.

Round 5

a. https://www.bankofamerica.com/

A is the correct answer in this situation. Phishing encourages you to rely on your instinct instead of looking closely at the details. First, you want to narrow down your choices by looking for https://. Bank of America requires personal information, so it will be https:// instead of just http://. In B, the ‘m’ is swapped out with an ‘n’ and so you will be going to Bank of Anerica instead. In C, the ‘o’ and the ‘a’ are swapped and instead you will be going to Bonk of America.

Round 6

  1. Identify whether the email address is spelled correctly, using the correct company name. A lot of phishing emails may alter the company name slightly in the hope you do not notice.
  2. Be cautious of emails that overuse bold fonts and colored text in emails.
  3. Watch out for language that pressures you to act quickly. Phishing emails often use urgency to trick users into clicking on malicious links or attachments.
  4. Look out for spelling and punctuation errors.
  5. If links look suspicious, contact the company directly to check the correspondence’s authenticity before proceeding.

Round 7

  1. If a subject line sounds too good to be true, it usually is.
  2. Make sure the senders email address is spelled correctly, using the correct company name. A lot of phishing emails may alter the company name slightly in the hope that you do not notice.
  3. If this is an email that you were not expecting, make sure that you recognize the person the gift is from.
  4. Hovering over links before clicking them will allow you to check if they lead to a legitimate site or not.