
Can You Spot a Phishing Scam? Take These Quizzes to Find Out

Phishing attempts can be easy to miss. See if you can tell them apart from legitimate messages and websites.

By Kim Key, Senior Writer, Security


It's Cybersecurity Awareness Month, and each week I'm focusing on a theme from the See Yourself in Cyber campaign. Last week I asked you to stop changing your passwords so often, and this week it's time to talk about how to spot phishing attempts.

When I was a kid, my parents encouraged me to explore my neighborhood, socialize with other children, and go outside and run around. The few cautions I heard regularly were "be home before dark" and "pay attention to your surroundings." Those are excellent guidelines to follow at any age and in any context, so this week, I encourage SecurityWatch readers to heed the second bit of advice. Pay attention to your surroundings, even when you're online, to avoid being phished. If a message or website's content seems a little off or suspicious, don't click any links, don't open any attached files, and don't download any software.

According to Statista, the most common crime reported to the US Internet Crime Complaint Center in 2021 was phishing. Phishing lures are getting topical and sophisticated, too. Last year, cybersecurity researchers warned about the rise in phishing messages about COVID-19. In January, the FBI warned the public about hackers who are phishing victims using QR codes, and last October, criminals working for the Russian government tried to ensnare victims with phishing emails.


What Is Phishing?

Phishing is an attempt to steal victims' data or money using a deceptive lure in the form of an email, SMS, online ad, or fake website. For example, earlier this year, the FBI warned that cybercriminals are sending out SMS fraud alerts that look like they come from financial institutions. If a victim responds to one of the messages, the fraudsters spoof the bank's phone number, call the victim, impersonate the bank's fraud department, and encourage the victim to transfer all their money.

Common characteristics of phishing messages include: 

  • Claiming to be from someone you know and trust, such as a family member or your boss.
  • Impersonating a critical institution such as your bank, insurance company, or workplace.
  • Requesting your financial data or personal information.
  • Asking you to click links, download software, or open file attachments.

The traits above probably apply to many of the legitimate messages you receive, so how can you avoid being phished? Pay attention. If your browser alerts you about a potentially dangerous message, unsafe content, or a malicious website, heed the warning. Avoid clicking links, entering data, or downloading attachments from unknown or untrustworthy sources.


Adopt 4 Key Anti-Phishing Behaviors

To keep from getting phished, follow these tips:

  1. Never give away your data online. In emails, phone calls, or text messages with people you don't know, avoid including usernames, passwords, government ID numbers, financial account information, birthdates, and other private information that could be used to impersonate you later. Don't give away your email address or phone number to a website if you have doubts about the site's legitimacy.
  2. Don't confirm your password right after clicking a link in a message. If you need to log in to a website or service after clicking a link you received in a message, open a fresh browser tab or window and directly type the URL you want to log into instead. Hackers can set up fraudulent websites and collect your login credentials with ease. 
  3. Take your time with urgent messages. Criminals often try to get victims to act quickly, so they don't have time to realize they're being duped. Be suspicious of anyone who asks you to respond to them or click on a link within a specific time period. Tax scams, for example, tend to have time limits attached to them. 
  4. If a message is too good to be true, ignore it. Dating scams, financial scams, and sweepstakes scams are all common. If you receive a note saying you've won a contest you never entered, and you just need to click a link to claim your prize, do not engage with the sender. Instead, report the message to your email service provider and go on with your day, knowing that you defeated yet another phishing attempt.

Quiz: Spot the Phishing Scam

Google's Jigsaw team developed a quiz to help everyone learn to spot phishing attempts. It shows visual examples of sophisticated phishing messages and asks users to determine whether they are being phished or not. You can practice hovering your mouse over links to see the real web address behind them. You can also examine email headers and attachments to determine if a message is legitimate.


Enterprise software juggernaut Cisco created a phishing quiz for employees. The questions are part of a comprehensive phishing hub containing important information on why phishing works and how criminals plan their attacks.


Create a Cybersecurity Toolbox

The easiest way to thwart phishing is to use the greatest tool you have: your brain. According to a 2020 survey by Statista, employees said distraction was the number one reason they clicked on a phishing link. Use your brain and focus on your online surroundings to curb future phishing attacks.

Here are some other habits that can help you avoid phishing fallout:

  • Use a password manager. Check your accounts for old passwords that may be duplicates, easy to guess, or previously compromised by a data breach. Create new passwords for your accounts and store the credentials in your secure vault. Having different passwords for each account means that if a hacker gets the login information for one of your accounts, they may not have the tools to be able to impersonate you all around the web.
  • Enable multi-factor authentication for your accounts. Add another layer of security to your accounts so that if one of your passwords is stolen, the attacker still needs another form of authentication to get into your accounts, such as something you have (such as a hardware token or cell phone) or something you are (such as your fingerprint).
  • Examine your browser's settings. If you use Google Chrome, consider turning on Safe Browsing at the level of protection you want under the Privacy and Security category in the Settings menu. Safe Browsing warns you about potentially malicious downloads, extensions, and websites. You also get alerts about leaked passwords, and Google scans files before you download them from the web if you choose to enable Enhanced protection while you browse. Firefox has a similar feature called Firefox Focus.
