
Could You Spot a Cyber Threat? Try This Quiz to Find Out

Think you can spot a phishing email from a mile away? Believe your password habits are secure? This cybersecurity quiz challenges what you think you know about staying safe online.

This cyber awareness test combines real-world scenarios with quick knowledge checks to reveal your security strengths and blind spots. Whether you’re a business owner, IT professional, or just someone who wants to stay safe online, this phishing quiz will help identify areas where you might be vulnerable.

(Answers at the end)

Ready? Let’s begin.

Round 1: True or False?

Question 1

True or False: Using the same strong password across multiple accounts is acceptable as long as the password is complex (includes numbers, symbols, uppercase, and lowercase letters).

Question 2

True or False: It’s not safe to check your bank account on public Wi-Fi at a coffee shop even if the website shows the padlock icon (HTTPS).

Question 3

True or False: All multi-factor authentication methods provide the same level of security, so it doesn’t matter whether you use text messages, authentication apps, or email codes.

Question 4

True or False: Posting pictures of your work desk on social media is fine as long as your profile is set to “Friends Only.”

Question 5

True or False: If your backup system runs automatically every night without errors, you can trust it will work when you need to restore files.

True or False Section Answers (+ Explanations)

Question 1

Answer: False

Password reuse is one of the biggest security mistakes employees make. Even a complex password becomes useless when reused. If one account gets breached, hackers test that password on other services. Use a password manager to create unique passwords for every account.

Question 2

Answer: True

While HTTPS provides encryption, public Wi-Fi networks can still be dangerous. Hackers can create fake “evil twin” networks that look legitimate. For sensitive activities like banking, use your phone’s cellular data or a VPN on public Wi-Fi.

Question 3

Answer: False

Authentication apps (like Microsoft Authenticator or Google Authenticator) provide the strongest readily available protection. While any MFA is better than none, choosing the right method matters for maximum protection.

Question 4

Answer: False

Even with privacy settings, stray ‘confidential’ information can leak through friends’ accounts, tagged photos, or compromised accounts. Post-its, desktop screens, or notepads can all reveal business information that needs to stay private.

Question 5

Answer: False

Automatic backups running successfully only means data is being copied, not that it can be restored. Countless businesses discovered corrupted or incomplete backups during ransomware attacks. A backup you haven’t tested is just a false sense of security.

 

Round 2: Multiple Choice

Question 1: Phishing Email Recognition

You receive an email from “IT Support” saying your password expires in 24 hours. The email includes a link to “verify your account immediately” or risk being locked out.

What should you do?

  A) Click the link quickly before you get locked out
  B) Reply to the email asking if it’s legitimate
  C) Forward it to colleagues to warn them
  D) Close the email and contact IT through your known company directory

Question 2: Urgent Request Scenario

Your “CEO” emails you directly (which rarely happens), asking you to purchase gift cards immediately for a client emergency. The email says, “Don’t call me; I’m in meetings all day. Just reply with the codes once purchased.”

What’s happening here?

  A) The CEO is testing your responsiveness
  B) Business email compromise (BEC) attack
  C) Legitimate urgent request that requires immediate action
  D) IT department testing your security awareness

Question 3: Attachment Safety

You receive an email from a known vendor with an invoice attachment named “Invoice_Q4_2024.pdf.exe”

Which part of this is the biggest red flag?

  A) The file has a .exe extension
  B) It’s from a vendor you recognize
  C) It mentions Q4 2024
  D) It’s labeled as an invoice

Question 4: Software Updates

Your computer prompts you to install a critical security update, but you’re in the middle of an important project.

What’s the best approach?

  A) Postpone for a month. You’re too busy to deal with this right now.
  B) Ignore it completely. Updates cause delays, and they never make a difference to the user experience anyway.
  C) Install it immediately and restart
  D) Schedule it for tonight or first thing tomorrow

Question 5: Suspicious Link Detection

You receive a LinkedIn message from someone you don’t know: “I saw your profile and think you’d be perfect for this opportunity: bit.ly/JobOffer2024”

What makes this suspicious?

  A) The message is from an unknown connection
  B) Uses a shortened URL that hides the real destination
  C) Offers something too good to be true
  D) All of the above

Multiple Choice Section Answers (+ Explanations)

Question 1

Answer: D

This is a classic phishing attempt creating artificial urgency. Legitimate IT departments never send urgent password reset emails with links.

Always contact IT directly using contact information you already have, never through links or numbers in suspicious emails. Don’t reply (confirms your email is active) or forward (spreads the attack).

Question 2

Answer: B

This is a textbook business email compromise attack. Red flags include unusual requests from an executive, artificial urgency, instructions not to verify through normal channels, and requesting gift cards (untraceable payment).

Always verify unusual requests through a separate communication channel, even if they appear to come from leadership.

Question 3

Answer: A

The .exe extension is the critical warning sign. Invoices should be PDFs, Word documents, or Excel files – never executable (.exe) files. This is malware disguised as a legitimate document.
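A filename check that a mail filter could apply to this red flag, as an added example (not part of the original quiz). The extension lists and function names are illustrative assumptions, and the check also covers upper-case names and trailing dots or spaces, which goes beyond the single filename in the question.

```python
# Illustrative, non-exhaustive lists (assumptions for this example).
EXECUTABLE_EXTS = {"exe", "scr", "com", "bat", "cmd", "msi", "js", "vbs", "ps1", "jar"}
DOCUMENT_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "csv", "txt", "jpg", "png"}


def attachment_findings(filename):
    """Return the reasons an attachment name looks unsafe (empty list = none found)."""
    # Windows strips trailing dots and spaces from file names, so normalise first.
    name = filename.strip().rstrip(". ").lower()
    parts = [p.strip() for p in name.split(".")]
    if len(parts) < 2:
        return []  # no extension at all
    findings = []
    if parts[-1] in EXECUTABLE_EXTS:
        findings.append("executable extension ." + parts[-1])
        # A document extension directly before the real one is a disguise:
        # when known extensions are hidden, the user sees only "Invoice.pdf".
        if len(parts) >= 3 and parts[-2] in DOCUMENT_EXTS:
            findings.append("document extension ." + parts[-2] + " used as decoy")
    return findings


def triage(filenames):
    """Map each flagged filename to its findings; clean names are omitted."""
    return {f: r for f in filenames if (r := attachment_findings(f))}


# Constructed sample names; the first is the one from the quiz question.
SAMPLES = [
    "Invoice_Q4_2024.pdf.exe",
    "Invoice_Q4_2024.pdf",
    "REPORT.DOCX.SCR. ",
    "notes.v2.docx",
    "setup.exe",
]

if __name__ == "__main__":
    for name, reasons in triage(SAMPLES).items():
        print(f"{name!r}: {'; '.join(reasons)}")
```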

Question 4

Answer: C or D

Critical security updates patch vulnerabilities attackers actively exploit. While immediate installation is ideal, scheduling it within 24 hours is acceptable if you’re managing time-sensitive work.

Question 5

Answer: D

All three elements signal danger. Unknown connections offering opportunities, shortened URLs hiding destinations, and too-good-to-be-true offers are phishing hallmarks. Hover over links (don’t click) to preview destinations. When in doubt, research the company directly rather than clicking suspicious links.

What Your Score Means

This phishing quiz and cyber awareness test reveal common scenarios that trick even cautious users. If you scored lower than expected, you’re not alone. These attacks succeed because they exploit human psychology, not technical knowledge.

Next Steps Based on Your Score:

Scored 7-10? You have strong security fundamentals. Consider advancing your knowledge with regular training on emerging threats. Professional cybersecurity services can help implement advanced protections that complement your awareness.

Scored 4-6? You understand basic concepts but have gaps that attackers could exploit. Focus on regular security awareness training and consider implementing additional security tools like password managers and MFA across all accounts.

Scored 0-3? Your business could face significant risk. Schedule a comprehensive security assessment and mandatory employee training immediately. Work with cybersecurity experts to develop a protection strategy before an incident occurs.

Ready to Strengthen Your Cybersecurity?

This online security challenge identified gaps in your knowledge. Now it’s time to fill them.

Talk to Infinity Technologies about strengthening your cybersecurity today.