What does the cybersecurity Phishing Detector game test?

It tests pattern recognition across 12 email samples covering credential harvesters with lookalike domains, business email compromise, vendor invoice fraud, internal sender spoofing, and legitimate notices that phishers commonly imitate. Each sample maps to a real cybersecurity attacker tradecraft pattern.

How is the Phishing Detector cybersecurity game scored?

Each correct verdict earns 10 points. The maximum round score is 120 points across all 12 emails. Streaks of 3+ correct in a row earn a bonus multiplier. Your score, accuracy, and streak appear on your DecipherU profile if you are signed in.

Is suspicious a valid answer in the Phishing Detector?

Yes. Some samples are deliberately ambiguous, modeling cases where an analyst should escalate or verify out-of-band rather than commit to phishing or legitimate. Picking suspicious correctly on those cases scores full marks.

Can I replay the cybersecurity Phishing Detector?

Yes. Each round shuffles a fresh set of 8 from the 12-sample pool, so replays cover different patterns. We add new samples monthly as new phishing tradecraft surfaces in the wild.

Cybersecurity skill game

Phishing Detector.

Read each cybersecurity email like an analyst on shift. Call it phishing, suspicious, or legitimate. After every verdict, a tradecraft breakdown explains what you saw, what you missed, and why it matters in real incident response work.

Email 1 of 8

Score: 0

Invoice 47821 — please review and sign

From: Accounts Payable <billing@vendor-portal.app>

To: you@example.com · Today 07:13

Hello,

The attached invoice requires your signature before payment can be processed. Please review and sign within 24 hours to avoid service disruption.

Review invoice in DocuSign

If you have questions, reply to this email and our billing team will assist.

Hover preview — actual link targets

Review invoice in DocuSign → https://docu-sign.app/envelope/47821-pdf-secure

How to read the verdicts

Phishing means there is enough evidence in the visible email to conclude malicious intent: a lookalike sender domain, a credential-harvester link, a financial-fraud pattern, or a clear pretext.

Suspicious means the email may be malicious but cannot be confirmed from the email alone. Real analyst behavior here is to verify out-of-band, check headers and SPF/DKIM/DMARC, and not click. Suspicious is the right call when the email pattern is ambiguous.

Legitimate means the sender, link target, tone, and request all align with a normal communication from the claimed source. Phishers imitate these patterns, so being able to recognize the real thing is half the cybersecurity skill.

Definitions are original explanations written for career development purposes. For authoritative technical definitions, refer to NIST, ISO, or the relevant standards body.

Last verified: 2026-04-26?Report an inaccuracy