Phishing quiz for employees: Questions, answers, and examples

Phishing (pronounced as ‘fishing’) is a cyber attack technique used by scammers to obtain sensitive information from users of electronic devices. In this blog post we talk about a simple way to provide security awareness training to your employees.


What is phishing?

Phishing (pronounced as ‘fishing’) is a cyber attack technique used by scammers to obtain sensitive information from users of electronic devices. Such sensitive information may include usernames, passwords, login credentials and credit card details. Cybercriminals masquerade as a trusted company or entity and dupe the victim into opening a malicious link, using either alerts/warnings or lucrative offers as bait; once clicked, the link can lead to malware being installed on the victim’s system.

Emails are the most common way in which phishing is carried out, but phishing attempts are also made via text messages (called smishing), phone calls, or webpages (called web jacking/cyber jacking).

Regardless of the medium of communication, phishing attacks always use deception to trick users into giving up sensitive information.

Phishing Quiz for Employees To Test Their Skills

As the famous sayings go, “Better safe than sorry” and “Prevention is better than cure.” It is best for your company to be equipped with cybersecurity protocols and provide security awareness training to your employees as a means of preventing any phishing attempts made against your company or its employees.

Here are five potential questions with multiple-choice style answers you can present to your employees to test their knowledge.


1. What should employees do if they suspect a phishing attempt?

  • A. Interact with the scammer directly by confronting them and getting down to the bottom of the situation.
  • B. Forward the phishing email to a friend or colleague to ask them if they can check the link out first.
  • C. Double-check the email ID and the content, then contact your supervisor or the IT department to confirm its authenticity.
  • D. Click on the link anyway and see where it takes you.

The correct answer is C.

The safest thing to do is double-check any email that seems suspicious. Even if it comes from the company’s real email address and seems legitimate, there are often subtle details that can tip you off. For example, an official company email would never ask you to reveal sensitive information, whether personal or related to work or trade secrets.

Remember, no company can legally ask you to reveal any of your sensitive information such as one-time passwords (OTP), login credentials, or credit card details.


2. What are the most popular signs of a phishing scam?

  • A. The email comes with a disclaimer/alert notifying the user that it is spam.
  • B. The email is empty and contains nothing in the subject or body.
  • C. An authentic sender sending regular subscribed updates.
  • D. Inconsistency in the sender’s email ID and how the recipient is addressed.

The correct answer is D.

You should always pay attention to the little details. For example, a genuine email from a real company about a sensitive matter addresses its recipients by name instead of “Dear user/customer”.

The email address of the sender should always be verified beforehand. An authentic email originates from an address on the company’s own domain (the part after the “@”), which carries the company’s name. For example, if the sender address is “customersupport.microsoft@gmail.com”, it is most likely a phishing email, because every company has its own domain for all communication purposes.
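As an added illustration that is not part of the original post, the following Python checks a message’s From header and opening line for the two signs just described: a sender address whose domain does not belong to the company named in the display name (or a company name before the “@” of a free-mail address), and a generic “Dear user/customer” greeting. The trusted-domain list, the free-mail list and the two sample messages are constructed assumptions.

```python
import re
from email.utils import parseaddr
# Assumed: domains the organisation legitimately receives mail from.
TRUSTED_DOMAINS = {"microsoft.com", "example-corp.com"}
# Consumer webmail domains a real company would not use for official mail.
FREEMAIL_DOMAINS = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}
GENERIC_GREETING = re.compile(r"^\s*dear\s+(user|customer|client|member)\b", re.I)

def sender_domain(from_header):
    """Lower-cased domain part of the From: address, '' if there is none."""
    _, addr = parseaddr(from_header)
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def display_name_mismatch(from_header):
    """Brand named in the display name whose address is NOT on that brand's domain."""
    name, _ = parseaddr(from_header)
    domain = sender_domain(from_header)
    for trusted in TRUSTED_DOMAINS:
        brand = trusted.split(".")[0]
        if brand in name.lower() and domain != trusted and not domain.endswith("." + trusted):
            return brand
    return None

def brand_in_local_part(from_header):
    """True for addresses like customersupport.microsoft@gmail.com: a company
    name before the @ but a free-mail service after it."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return False
    local, domain = addr.lower().rsplit("@", 1)
    brands = {d.split(".")[0] for d in TRUSTED_DOMAINS}
    return domain in FREEMAIL_DOMAINS and any(b in local for b in brands)

def phishing_signs(from_header, body):
    """List the Question 2 warning signs present in one message (empty = none)."""
    signs = []
    brand = display_name_mismatch(from_header)
    if brand:
        signs.append(f"display name claims {brand} but sender domain is {sender_domain(from_header)}")
    if brand_in_local_part(from_header):
        signs.append("company name in the local part of a free-mail address")
    if GENERIC_GREETING.match(body):
        signs.append("generic greeting instead of the recipient's name")
    return signs

# Constructed sample messages, not taken from any real mail.
SUSPICIOUS = ("Microsoft Support <customersupport.microsoft@gmail.com>",
              "Dear Customer, your account will be suspended unless you verify it.")
LEGITIMATE = ("Microsoft Account Team <account-security@microsoft.com>",
              "Dear Jane Smith, here is the statement you requested.")
```

Running `phishing_signs(*SUSPICIOUS)` returns three signs, while the legitimate sample returns none; these heuristics support, rather than replace, reporting a suspicious email to the IT department as Question 1 advises.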


3. How many phishing emails are sent every day globally?

  • A. Billions
  • B. Millions
  • C. Thousands
  • D. Hundreds

The correct answer is A.

Over 3.4 billion phishing emails are sent daily. Phishing scams have increased by 34% in 2021 compared to the previous year. Employees can end up wasting countless hours trying to determine which ones are real and which ones are fake. Over 79% of US organisations experienced phishing attacks in 2021.


4. What happens if you click on a phishing email link or attachment?

  • A. Browser/app is closed without any prompt.
  • B. You are redirected to a website that asks you to enter sensitive information or directs you to download an attachment.
  • C. You get an error page on the screen.
  • D. None of the above

The correct answer is B.

Phishing is a little more complicated than one might think. Sometimes phishing emails include links that trick you into downloading an attachment with malware or ransomware that can infect your computer or mobile device without your knowledge.

You should also know that if an email redirects you to a third-party website where you are asked to reveal any sensitive information, there is a high possibility that it is a fraudulent email. Authentic companies would never ask you to reveal any sensitive information, nor send emails that direct you to third-party websites or include unreliable attachments.

In some cases, one might fall prey to a phishing attack and not realise it for a while. Meanwhile, the hacker continues to use your social media account or identity, impersonating you (identity theft), until you become the victim of a bigger issue.


5. Why do I need to watch out for phishing emails?

  • A. For personal safety and security.
  • B. To protect your identity and sensitive information.
  • C. To prevent being duped and falling for scams.
  • D. All of the above.

The correct answer is D.

Phishing is a type of social engineering attack that aims to gain sensitive information. Malicious impersonators send these emails intending for them to look legitimate with the goal to trick you into clicking on a malicious link or opening a malicious attachment.

If you want to stay out of trouble and keep your information safe and secure, you need to be educated and prepared to identify phishing attempts. Always make sure your passwords are a mixture of numbers and letters along with some special characters.

Security of your social media or any other electronic accounts is very important, so always make sure to enable two-factor authentication to add an additional layer of security.

Contact any of the Team on 0117 959 5143 for more information.

Book a free IT health check today

If you are unsure of what IT requirements you have, or how to upgrade your existing system, book in for a free IT health check. We will assess all of your systems and plans and come up with a solution for your individual IT needs.