The University of Texas at Austin

Security Awareness


This article has been retired from circulation and is no longer being updated or maintained. The information contained in this article may be innacurate and outdated. Please refer to our articles page for a list of current topics.

What’s Your Phishing IQ?

Test your ability to spot a scam e-mail message.

Just as a fisherman throws out a baited hook in hopes of luring a fish, Internet “phishers” also cast out shiny, attention-getting messages in hopes of reeling in an unsuspecting victim.  “Phishing” refers to Internet crooks sending IM or e-mail messages urgently requesting personal information, such as credit card numbers or passwords, in the hopes that an unsuspecting recipient will take the “bait.” These messages purport to be from a friend or a legitimate company. In reality, they are attempts at tricking users into revealing sensitive, personal information.

Phishing scams have been plaguing e-mail and IM inboxes for a while now. At first, these messages were obvious and crude—the typos often gave them away. However, these messages and the con artists who send them have become increasingly difficult to identify.

Think you’d be able to spot a phony message? It’s not as easy as you might think. Read these tips on identifying a phishing message and then take a quick quiz, on the MailFrontier Web site, to test your ability to spot a scam.

  • Be wary of urgent requests for personal or financial information. These often look like they are coming from an established business asking recipients to “update” or “confirm” sensitive information, such as account numbers, passwords or Social Security numbers.
  • If you are unsure about a message’s authenticity, never click a link within the IM or e-mail or download any attachments.
  • Legitimate companies will never contact you asking for personal information through an e-mail message or on the Internet. These companies are too aware of the security risks involved with sharing sensitive material online.
  • If you think the message may be legitimate, contact the sender independent of the message. For example, log onto the company’s Web site or phone them. Do not use contact information provided in the suspicious message. It may take you to a phony Web site.
  • Use anti-virus software and a firewall. These tools will scan and, when necessary, block incoming messages from unauthorized or unknown sources. Update your security software regularly.

Test your ability to spot phishing scams at the SonicWALL Web site.