pmcnamara
News Editor

You say you can smell phish in your in-box?

Opinion
Dec 05, 2005 | 4 mins
Malware, Networking

Discovering that your online street smarts aren’t up to snuff has got to sting, yet more than a half-million individuals have unflinchingly summoned the courage to take MailFrontier’s Phishing IQ Test since July 2004. Test takers are asked to scan 10 real-life e-mail messages and judge whether each is a phishing attempt or legitimate commercial correspondence.

Because we thrive on danger in the news profession, I made two decisions last week: I’d take the test myself; and I’d reveal the results here no matter how abysmal my score. (You’ll simply have to trust me on the pledge and the grade.)

Those up to the challenge can access the test through www.networkworld.com, DocFinder 1140, but don’t forget to come back.

Before we find out if everyone gets to have a good laugh at my expense, let’s take a look at how the masses have been doing on the test. It’s a mixed report card that says plenty about the obstacles being faced today by honest companies that want to connect to their customers via e-mail.

“The first 50,000 people who took the test were terrible at identifying the fraudulent e-mail,” says Andy Klein, manager of the MailFrontier Threat Center. That group was able to sniff out just north of 60% of the stinky e-mail, meaning that about four of every 10 phishing lures in this mock exercise were gobbled hook, line and credit card number.

“The results have been getting better over time,” Klein says, with the company’s most recent analysis showing an 82% accuracy rate for spotting phishing attempts.

What’s driving the improvement? Growing public awareness of the telltale signs of phishing and greater diligence on the part of legitimate businesses in educating their customers about their standard do’s and don’ts regarding e-mail. “A little bit of knowledge and common sense go a long way,” Klein says.

But the news is far from all rosy. Although people have gotten better at shooting phish in a barrel, that higher success rate has produced collateral damage: A lot more legitimate e-mail is getting tagged as fraudulent. Whereas the early test takers correctly identified about 75% of legit e-mail, that rate is now down to about 50%, according to Klein.

In other words, people are pretty much guessing.

“The natural reaction is to back away and assume everything is bad,” Klein says. It’s an instinct that online merchants and security vendors are going to need to combat fiercely and effectively, lest it threaten the continued growth of Internet commerce.

OK, how’d I do on the test?

Not bad, if I must say so myself: nine out of 10 correct, including nailing all five of the fraudulent e-mails. Only 4% of those taking the test manage to score a perfect 10 for 10, according to Klein.

(If you plan to take the test yourself, skip the next paragraph because it gives away one of the answers.)

My lone mistake was sensing danger where apparently none existed in an invitation from a credit card company to save big bucks by consolidating my high-interest balances on other cards into a single account with them. The pitch seemed just a tad too breathless, especially considering the value – to a phisher – of what they were asking me to hand over. Erring on the side of caution and all.

Although it never occurred to me to plead my case on that incorrect answer, it has indeed occurred to others.

“We do get these folks who disagree with the answers – and they usually have good reasons,” Klein says. Alas, the decisions of the judges are final, but you can rest assured that these test results will not become part of your permanent record.

Want to brag about acing the test? The address is buzz@nww.com.