Can you spot the scam?
”Phishing
Your scam-spotting score
—
Four habits that stop most scams
- Verify
Confirm money & bank changes on a known number
Any request to change bank details, pay an invoice or make an urgent transfer gets verified by phoning a known contact — never by replying to the email or calling a number it provides.
- Inspect
Read the sender's domain, character by character
Look-alike domains are the giveaway — micros0ft.com with a zero, a .co instead of .com.au, or an extra hyphen. Hover links before clicking and check where they really go.
- Slow down
Treat urgency, secrecy and pressure as red flags
"Do it now", "keep this confidential", "before 4pm" — pressure exists to stop you checking. The more urgent and secret a request, the more it deserves a second look.
- Protect
Never approve a login or enter a password you didn't trigger
Unexpected MFA prompts mean your password is already out — deny them and reset it. And never type your password into a page you reached from an email link.
Use — Guide
How to use this tool
- Read each of the 8 randomly selected message scenarios carefully — they include emails, SMS and MFA prompts drawn from a pool of 24 realistic real-world scams.
- Select “Legit” or “Scam” for each scenario; you’ll get instant feedback revealing the red flags (or safe signals) immediately after you answer.
- Work through all 8 scenarios — your first instinct is locked in once you answer, so take a moment before choosing.
- Press “See my score” once all 8 are answered to receive your score out of 100 and a rating.
- Read the four habits panel — these are the practical actions that stop most phishing and BEC attacks in real life.
- Share the quiz link with colleagues, or contact Peritus Digital to run a formal phishing-simulation and awareness-training programme for your whole team.
FAQ — Questions
Frequently asked questions
01What does this quiz teach?
The quiz presents 8 randomly selected phishing and Business Email Compromise (BEC) scenarios drawn from a pool of 40+ — including credential-harvesting emails, CEO fraud, invoice-redirection scams, smishing and MFA-fatigue attacks. After each answer you see the red flags explained, building the instinct to slow down and verify before acting on suspicious messages.
02Are my answers or score stored anywhere?
No. The quiz runs entirely in your browser — your answers, score and identity are never sent to Peritus Digital or any third party unless you choose to submit the optional contact form at the end.
03Can I use this to train my whole team?
The quiz is a good starting point, but a single quiz builds awareness rather than lasting habit. Peritus Digital runs structured phishing-simulation programmes — realistic test emails sent to your real staff, with targeted follow-up training for anyone who clicks. Contact us to discuss a programme sized for your team.
04What is Business Email Compromise (BEC) and why does it matter?
BEC is a category of scam where attackers impersonate a trusted person — a manager, supplier or colleague — to trick staff into transferring money, changing bank details or handing over credentials. It accounts for the majority of financial losses from cybercrime for Australian small and medium businesses, and most cases start with a single convincing email.
More — Keep exploring
Related free tools
Want hands-on help, not just a check? Explore ourCyber Security service.
Train the whole team
One person clicking is all it takes — train your team to spot the scam.
Aced it? Even the scam-savvy can't sit the quiz for their whole team — and a real attack is sharper than any example here, arriving on the one busy day someone isn't looking. It only takes one click from one colleague. A quiz builds instincts; a programme builds a habit. Peritus runs realistic phishing simulations and security-awareness training for Hunter and Newcastle businesses — so everyone can recognise BEC, invoice fraud and credential-harvesting attacks before they cost you. Send your score through and we'll tailor a plan.
Prefer to talk? Call 02 4081 9500.
