What does the cybersecurity Phishing Detector game test?

It tests pattern recognition across 12 email samples covering credential harvesters with lookalike domains, business email compromise, vendor invoice fraud, internal sender spoofing, and legitimate notices that phishers commonly imitate. Each sample maps to a real cybersecurity attacker tradecraft pattern.

How is the Phishing Detector cybersecurity game scored?

Each correct verdict earns 10 points. The maximum round score is 120 points across all 12 emails. Streaks of 3+ correct in a row earn a bonus multiplier. Your score, accuracy, and streak appear on your DecipherU profile if you are signed in.

Is suspicious a valid answer in the Phishing Detector?

Yes. Some samples are deliberately ambiguous, modeling cases where an analyst should escalate or verify out-of-band rather than commit to phishing or legitimate. Picking suspicious correctly on those cases scores full marks.

Can I replay the cybersecurity Phishing Detector?

Yes. Each round shuffles a fresh set of 8 from the 12-sample pool, so replays cover different patterns. We add new samples monthly as new phishing tradecraft surfaces in the wild.

Cybersecurity skill game

Phishing Detector.

Read each cybersecurity email like an analyst on shift. Call it phishing, suspicious, or legitimate. After every verdict, a tradecraft breakdown explains what you saw, what you missed, and why it matters in real incident response work.

Email 1 of 8

Score: 0

[your-org/api] Bump axios from 1.6.2 to 1.7.4

From: dependabot[bot] via GitHub <notifications@github.com>

To: you@example.com · Yesterday 14:22

dependabot opened a pull request: Bump axios from 1.6.2 to 1.7.4

This pull request bumps axios from 1.6.2 to 1.7.4. Release notes and commits are linked below.

You can disable Dependabot from your repository settings.

Hover preview, actual link targets

View pull request → https://github.com/your-org/api/pull/1247

Release notes → https://github.com/axios/axios/releases/tag/v1.7.4

How to read the verdicts

Phishing means there is enough evidence in the visible email to conclude malicious intent: a lookalike sender domain, a credential-harvester link, a financial-fraud pattern, or a clear pretext.

Suspicious means the email may be malicious but cannot be confirmed from the email alone. Real analyst behavior here is to verify out-of-band, check headers and SPF/DKIM/DMARC, and not click. Suspicious is the right call when the email pattern is ambiguous.

Legitimate means the sender, link target, tone, and request all align with a normal communication from the claimed source. Phishers imitate these patterns, so being able to recognize the real thing is half the cybersecurity skill.

Definitions are original explanations written for career development purposes. For authoritative technical definitions, refer to NIST, ISO, or the relevant standards body.

Last verified: 2026-04-26?Report an inaccuracy