Can Americans Catch a Phish? 1 in 4 Take the Bait

Posted on Updated on

December 16, 2015

Phishing email scams attempt to lure people in by mimicking real emails from big companies so perpetrators can do things like install malware on your computer, access your bank account or even steal your identity. So how savvy are we when it comes to differentiating the real from the fake? To find out, we partnered with our friends at NBC’s TODAY show to create a quiz that tests your phishing email smarts.

So far, over 20,000 Americans have taken the quiz, developed from real emails that ESET security researchers collected and analyzed. First, if you haven’t already, take the quiz yourself—then read on (no peeking!) to see how you compare. (Note: The quiz works best in Chrome, Firefox or Safari browsers.)

Can you catch the phish?

You’ve got a bunch of emails that look like they’re from companies you’ve done business with. Can you tell which ones are phishes?

Take the Quiz!

What do the results reveal?

Fully 25% of people cannot consistently identify phishing emails (they missed correctly identifying one or more phish or non-phish). The question most often answered incorrectly was this Target email—it was not a phish, but 61% thought it was.


However, cybercriminals often do spin up phishing schemes to take advantage of vulnerable people and brands in crisis, as happened after the Anthem hack in early 2015, so it’s good to remain vigilant.

The phishing emails that fooled people most often were the Amazon and FedEx emails. One in five people were taken in by this:


Upon scrutiny, you can discern several clues. Amazon’s logo appears squished, and there are several grammatical errors at the end—unlikely in a real email from the world’s biggest retailer.

With this FedEx email, 22% of people were tricked.


The tell? Asking you to download an attachment—especially if it does not seem to match the content in the email—is suspicious. Downloading an attachment like this can deliver malware to your computer, often without you even knowing you have been infected.

Here is the breakdown from each email question, so you can see how you compare:

  • Southwest: 89% correctly identified this as a phish
  • Amazon: 79% correctly identified this as a phish
  • Google: 53% correctly identified this as NOT a phish
  • Apple: 87% correctly identified this as NOT a phish
  • FedEx: 78% correctly identified this as a phish
  • PayPal: 96% correctly identified this as a phish
  • Gap: 68% correctly identified this as NOT a phish
  • Target: 39% correctly identified this as NOT a phish

 So what does this all mean?

[…]Research indicates that phishing scams are still a major way that cybercriminals take advantage of people and businesses. It’s important for us to constantly educate the public, for businesses to educate employees, and for parents to educate kids… and kids to educate parents and grandparents!

The data show that one in four people still get things wrong, and once is all it takes. The basic lesson here is to always exercise caution and promote safe Internet practices.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s