Several years ago MailFrontier put together a short test for users to figure out whether or not a particular piece of email was real or a phishing for trouble. The company was sold to SonicWall, which was then sold to Dell. Thankfully, this IQ test still lives on at the below URL:
Phishing is the process of faking a real Website or email message by a bad actor. If you are fooled into thinking the site is legit, you click on the link in the message and usually some malware is downloaded to your computer, or you are taken to a place that asks for your personal information.
While you should expect that your bank or other financial partners to ask for your account information, it is the way that it is done that makes phishing more subtle and in some cases more troublesome.
I took the test several years ago and identified all the email messages correctly, but some of them took some thought and careful study before I could say for sure. And of course, while you are doing this test it is in an artificial environment, where you are looking for potential exploits. In the normal course of the business day where you are quickly scanning your inbox you might not be as vigilant. Indeed, just last week I got an email that I thought was suspicious, but thankfully took a moment to think it through before I clicked on the link that most certainly would have infected my computer.
Nevertheless, it is not an easy thing to determine whether a piece of email is real or not. You have to look at a lot of different aspects of the communication, including the mail headers, the subject line, any URLs that are referenced in the message body, and other things. The test was designed to help you become more skeptical about clicking on active links in your message traffic and hopefully train you to be more security conscious.