Found via Pericat’s Unlocking the Air: the MailFrontier Phishing IQ Test II. This is good stuff. It tests your ability to distinguish legitimate business email—“the credit card number you have on file with us is about to expire, please update your account,” that sort of thing—from lookalike phishing scams.
(Backstory: Phishing scams are emails that appear to come from a trusted source—usually a real company that does business online—which try to trick you into giving out passwords, account names, email addresses, and personal financial information. In their commonest form, phishmail tells you that for some reason or another, the company they’re impersonating needs to have you update or verify your account information. If you follow the links in the letter, you’ll arrive at a mockup webpage for that company, where you’ll be asked to type in your personal information, codes, etc. Needless to say, this info will be used for nefarious purposes.)
The test has a couple of particularly good features. One is that it uses real business emails and real phish from MailFrontier’s collection. The other is that the answers page not only tells you how you scored on each question, but has a little “Why?” link that takes you to back to that letter and shows you where the clues were. It’s very instructive. I scored 10 out of 10 on the test, but I still picked up a couple of valuable pointers from their explanations.
If you want to test yourself further, MailFrontier’s first phishing IQ test is still up and running, though its punctuation has gotten a little wonky. The earlier version of the test doesn’t have the explanatory links on its answers page, but it does hit you with some impressively slick phishmails. They also have a couple of helpful articles (which would be even more helpful if they weren’t .pdf files): Ten Tips for Finding a Phish, and an up-to-date general article on Email Fraud.