Questions: Email Safety & Professional Communication
5 questions to test your understanding
Score: 0 / 5
Question 1 Multiple Choice
You receive an email from 'PayPal Security Team' with the subject 'URGENT: Your account will be suspended in 24 hours.' The email asks you to click a link and verify your account immediately. What is the best response?
AClick the link — the urgency and the official sender name confirm the threat is real
BReply to the email requesting more information before clicking
COpen a new browser tab, navigate directly to PayPal's official website, and log in there to check your account status
DForward the email to PayPal's listed contact address to verify
Urgency and an official-looking display name are precisely the tools phishing emails use to bypass critical thinking. The correct response is to never click links in suspicious emails. Instead, navigate to the organization's official website yourself — the email's link may lead to a fraudulent site. Replying (option B) gives scammers more information and doesn't verify legitimacy. Forwarding (option D) still uses the email's contact information, which cannot be trusted.
Question 2 Multiple Choice
Which of the following best explains why professional email tone matters even when writing to someone who already knows you well?
AProfessional emails are legally required for most workplace communications
BFormal language is always more respectful than casual language
CEmail is a permanent record that can be forwarded, screenshotted, or read by unintended audiences
DCasual language is harder to read and may cause miscommunication
The key reason professional tone matters is that email creates a permanent, forwardable document. Unlike a private conversation, an email you wrote casually to a colleague could be forwarded to a manager, included in a complaint, or read in a context you never anticipated. Professional tone protects you by making your communication clear and appropriate in contexts you cannot fully predict.
Question 3 True / False
An email that creates a strong feeling of urgency or fear — such as 'Act now or your account will be deleted' — is actually a reason to slow down and verify before responding, not a reason to act immediately.
TTrue
FFalse
Answer: True
Urgency is one of the three primary psychological levers phishing emails exploit (along with authority and fear). Scammers deliberately manufacture urgency to bypass your critical judgment. Legitimate organizations almost never require you to take immediate action under threat of permanent consequences. Feeling urgency from an unexpected email is a signal to pause and verify through official channels — not a signal to comply.
Question 4 True / False
If an email's sender display name shows 'IRS Tax Support,' you can be confident the email is from the official IRS, because major institutions control what display names appear in their communications.
TTrue
FFalse
Answer: False
Display names can be set to anything by the sender — they do not verify identity. A phishing email can display 'IRS Tax Support,' 'Your Bank,' or 'Apple Security' regardless of the actual email address it was sent from. The actual email address — visible by hovering or clicking the sender's name — is what you must check. Furthermore, no legitimate government agency, bank, or major service provider will ask for sensitive personal information over email.
Question 5 Short Answer
Why is 'this email looks official' not a reliable indicator that an email is legitimate? What should you check instead, and why is that more trustworthy?
Think about your answer, then reveal below.
Model answer: Phishing emails are specifically designed to look official — they copy logos, color schemes, and language from the institutions they impersonate. Visual appearance can be replicated exactly. The actual email address (not just the display name) is harder to fake convincingly, because it must come from a real domain. You should hover over the sender's name to reveal the actual address and compare it against the organization's verified domain. When in doubt, navigate to the organization's official website directly and contact them using a number listed there — never a number provided in the suspicious email.
This tests the most important practical distinction: visual plausibility vs. verifiable identity. An email address like [email protected] (with a '1' instead of 'l') is easy to miss at a glance. Checking the actual domain is one of the most reliable quick checks available to a non-technical user.