This is a good test for everyone to take. You'd be surprised how vulnerable people are without even realizing it.
Now, I'm a professional computer systems engineer and I've been involved with internet security, viruses and the like since before PCs were even invented.
I got 9/10; the one I got wrong was the "phishing" from sender.
However, my method of verifying a sender's address is very different than what they would assume.
I would look at the message header, obtain the origin IP address, then do a reverse DNS lookup on the IP address to verify that that address belongs to the domain of the sender. I would also look at all the mail relays used along the way and verify them the same way.
If any one test failed, I'd ignore the message.
A really good mail server should do most of that automatically for you.
In fact, the last version of Sendmail (8.2.2?) I worked with (3 yrs ago) would allow you to make it a requirement for the sending host to have a PTR record (reverse DNS entry) in the DNS and that the host name and domain name of the email all matched. If not, the mail would be refused.
Thought I'd share.
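
The manual check described in the post above, as an added example (not the poster's code and not Sendmail's): it walks the `Received` headers, requires a PTR record for every hop, and requires the origin hop's PTR name to fall under the `From:` domain. The function names, the sample message and the offline PTR table are assumptions made for illustration; pass no resolver to use the system's real reverse DNS.

```python
import re
import socket
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: documentation IP ranges and example domains only.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [198.51.100.7])
\tby mail.recipient.example with ESMTP; Mon, 1 Jan 2024 10:00:02 +0000
Received: from out1.example.com (out1.example.com [192.0.2.10])
\tby mx.example.net with ESMTP; Mon, 1 Jan 2024 10:00:01 +0000
From: Alice <alice@example.com>
Subject: constructed sample

body
"""
# Constructed PTR table standing in for live DNS so the example runs offline.
FAKE_PTR = {"192.0.2.10": "out1.example.com", "198.51.100.7": "mx.example.net",
            "203.0.113.50": "host50.isp.example"}
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")  # [a.b.c.d] in Received

def system_ptr(ip):
    """PTR lookup through the system resolver; None if no record exists."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def check_message(raw, ptr_lookup=system_ptr):
    """Return (ok, findings). Every hop needs a PTR record; the origin hop's
    PTR name must be the From: domain or a host under it."""
    msg = message_from_string(raw)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    # Relays prepend Received headers, so the last one is the origin hop.
    hops = [m.group(1) for h in msg.get_all("Received", [])
            if (m := IP_RE.search(h))]
    if not hops or not domain:
        return False, ["no usable Received/From headers"]
    findings = []
    for i, ip in enumerate(hops):
        name = ptr_lookup(ip)
        if name is None:
            findings.append(f"{ip}: no PTR record")
            continue
        name = name.rstrip(".").lower()
        at_origin = i == len(hops) - 1
        if at_origin and name != domain and not name.endswith("." + domain):
            findings.append(f"{ip}: PTR {name} is not under {domain}")
    return not findings, findings
```

`Received` lines added before the message reached a server you control are written by the sending side and can be forged, so only hops recorded by your own mail server are reliable input. Mail legitimately sent through a third-party provider will fail the origin-domain test, which is why this works as a strict personal filter rather than a general verdict.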
