In the past 30 days, did you receive any message you considered suspicious (email, SMS/text, or chat)?
Approximately how many suspicious or phishing-like messages did you notice in the past 30 days? Enter a whole number (0 if none).
In the past 60 days, how often did you do each of the following?
How confident are you in handling a suspicious message appropriately?
When judging email legitimacy, order these cues from most to least important.
What is your most common way to report suspected phishing?
- Report Phish button/add-in in email
- Security email alias
- IT helpdesk ticket
- Messaging app bot
- Tell my manager
- I don't report them
- I'm not sure
On average, how many minutes pass between noticing a suspicious message and reporting it? Enter a whole number of minutes (enter 0 if you typically don't report).
What are the biggest blockers to reporting quickly? Select up to 3.
- Not sure what to include in a report
- Unsure which channel to use
- Worried about reporting a false alarm
- Too busy/no time
- Reporting tools are hard to find/use
- No feedback after reporting
- I resolve it myself instead of reporting
- None of the above
Attention check: To confirm you are paying attention, please select "I am paying attention".
- I am paying attention
- I skim surveys
- I'm not sure
- Prefer not to answer
When did you last complete mandatory security awareness training?
Which of the following security practices do you use on your primary work devices? Select all that apply.
- Multi-factor authentication (MFA)
- Password manager for work accounts
- Automatic OS and browser updates enabled
- Lock screen when away
- Use VPN on public networks
- Unique passwords per service
- Phishing-report add-in/button is installed
- I use none of these
Allocate 100 points to the areas where investment would most improve phishing readiness for your team.
Which actions are recommended when you suspect phishing? Select all that apply.
- Use the report button or security alias
- Avoid clicking links or opening attachments
- Verify requests via a known channel
- Share the suspicious email in a public chat
- Forward to personal email to check later
- Reply to the sender asking if it's legitimate
- Delete without reporting
What is your primary role?
How long have you been with the company?
Where do you primarily work?
What is your typical work setting?
What is one change that would help you handle phishing attempts better?
Max 100 chars
Scenario: A senior executive emails you requesting urgent gift card codes. What steps would you take before acting?
Max 600 chars
AI Interview: 2 Follow-up Questions on Phishing Readiness
Thank you for participating—your input helps us improve phishing readiness and support secure work.