Phishing is the most common entry point for data breaches – not because it is technically sophisticated, but because it works on people, not systems. The 2024 Verizon Data Breach Investigations Report found that over 90 percent of successful cyberattacks begin with a phishing email. Firewalls, endpoint protection, and multi-factor authentication all matter – but none of them help when someone hands over their credentials voluntarily.
The attacks have gotten significantly harder to spot. The era of broken English and implausible scenarios is largely behind us. Today’s phishing emails are crafted to look exactly like messages from Microsoft, DocuSign, GitHub, your HR department, and even your CEO. The difference between a real email and a malicious one can come down to a single character in a domain name, or a URL that looks legitimate until you read it carefully.
We built this quiz to give individuals – and the organizations they work for – a fast, concrete way to see where they stand. Ten rounds, all based on real-world attack patterns and real legitimate email templates. Some scenarios are straightforward. Others are the kind that trip up experienced professionals. After each answer, you see exactly what to look for: the red flags that give attackers away, or the trust signals that confirm an email is genuine.
Take it below and see how you score.
<!-- INTRO SCREEN -->
<div id="introScreen">
<div class="intro-inner">
<div class="intro-icon"><i class="bi bi-shield-shaded"></i></div>
<h3>10 Rounds. Real Tactics. No Tricks.</h3>
<p>Each round shows a simulated email. You decide: <strong>Legitimate</strong> or <strong>Phishing</strong>. After you answer, we show you exactly what to look for.</p>
<button class="start-btn" onclick="startQuiz()">
<i class="bi bi-play-fill"></i> Start the Quiz
</button>
<div class="intro-chips">
<span class="chip"><i class="bi bi-clock"></i> About 5 minutes</span>
<span class="chip"><i class="bi bi-bar-chart-fill"></i> Scored out of 10</span>
<span class="chip"><i class="bi bi-share-fill"></i> Shareable results</span>
</div>
</div>
</div>
<!-- QUIZ SCREEN -->
<div id="quizScreen" style="display:none;">
<div class="score-bar">
<span>Round <strong id="roundNum">1</strong> of 10</span>
<span class="score-badge">Score: <span id="scoreNum">0</span> / 10</span>
</div>
<div class="progress-outer">
<div class="progress-inner" id="progressInner" style="width:0%"></div>
</div>
<div class="email-chrome">
<div class="chrome-dot red"></div>
<div class="chrome-dot yellow"></div>
<div class="chrome-dot green"></div>
<div class="chrome-actions">
<i class="bi bi-reply"></i>
<i class="bi bi-reply-all"></i>
<i class="bi bi-forward"></i>
<i class="bi bi-trash"></i>
<i class="bi bi-archive"></i>
</div>
</div>
<div class="email-header">
<div class="email-field"><span class="email-label">From:</span><span class="email-val" id="emailFrom"></span></div>
<div class="email-field"><span class="email-label">To:</span><span class="email-val" id="emailTo"></span></div>
<div class="email-field"><span class="email-label">Date:</span><span class="email-val" id="emailDate"></span></div>
<div class="email-field email-subject-row"><span class="email-subject-text" id="emailSubject"></span></div>
</div>
<div class="email-body" id="emailBody"></div>
<div class="action-row" id="actionRow">
<button class="judge-btn judge-legit" onclick="answer('legitimate')">
<i class="bi bi-check-circle-fill"></i> Legitimate
</button>
<button class="judge-btn judge-phish" onclick="answer('phishing')">
<i class="bi bi-exclamation-octagon-fill"></i> Phishing
</button>
</div>
<div id="resultPanel" style="display:none;"></div>
<div class="next-row" id="nextRow" style="display:none;">
<button class="next-btn" id="nextBtn" onclick="nextRound()">
Next Round <i class="bi bi-arrow-right"></i>
</button>
</div>
</div>
<!-- RESULTS SCREEN -->
<div id="resultsScreen" style="display:none;">
<div class="results-inner">
<div class="results-top">
<div class="score-display"><span id="finalScore">0</span><span class="score-denom"> / 10</span></div>
<div class="rating-badge" id="ratingBadge">Rating</div>
<p class="result-msg" id="resultMsg"></p>
</div>
<div class="training-cta-box" id="trainingCTA" style="display:none;">
<div class="cta-box-icon"><i class="bi bi-mortarboard-fill"></i></div>
<div class="cta-box-text">
<h4>Train Your Whole Team</h4>
<p>Phishing is the #1 entry point for data breaches. IT Dojo delivers Security Awareness Training for Federal, DoD, and corporate organizations.</p>
<a href="/contact/" class="cta-box-btn"><i class="bi bi-send-fill"></i> Get Training Info</a>
</div>
</div>
<div class="share-section">
<div class="share-label">Share Your Score on LinkedIn</div>
<div class="share-box">
<textarea class="share-text-area" id="shareTextArea" readonly></textarea>
<button class="copy-btn" id="copyBtn" onclick="copyShareText()">
<i class="bi bi-clipboard"></i> Copy
</button>
</div>
</div>
<div class="results-actions">
<button class="restart-btn" onclick="restartQuiz()">
<i class="bi bi-arrow-counterclockwise"></i> Try Again
</button>
<a href="/contact/" class="next-btn" style="text-decoration:none;">
Train Your Team <i class="bi bi-arrow-right"></i>
</a>
</div>
</div>
</div>
How IT Dojo Can Help
If your score was lower than you hoped, you are not alone – and it is not a reflection of your intelligence. The people who fall for phishing attacks are usually capable, busy professionals who were simply never trained to look for the right signals. Security awareness is a skill like any other: it can be taught, practiced, and measured.
IT Dojo offers instructor-led Cybersecurity training and CompTIA Security+ courses for Federal Government, DoD, and corporate organizations. Our instructors bring real-world backgrounds in information security and threat response – not just exam prep. We also work with organizations to build out broader security awareness programs tailored to their specific threat environment.
If this quiz surfaced a gap on your team, we can help you close it. Contact IT Dojo to talk about training options for your organization.