Phishing is one of the most common cybercrimes, with 1 percent of all emails being phishing attempts. Clicking on the wrong link or downloading a suspicious file can get you in a world of trouble. Your usernames, passwords, and even credit card details can be stolen from right under your nose.
When we think of phishing, we might think of emails telling us about a lottery win or a foreign prince or diplomat offering us money. But most criminals have moved on from that, and their attempts are increasingly subtle. To help the public get better at avoiding these traps, Jigsaw, a technology incubator created by Google, has now released a quiz that tests your ability to distinguish between legitimate emails and phishing attempts.
“In the case of more sophisticated attackers, phishing messages might look like a legitimate email written by someone you know,” Justin Henck, Jigsaw Product Manager, wrote in a blog post. “These so-called ‘spear-phishing’ attacks are often one of the first steps of larger cyberattacks, where attackers use a carefully constructed email to fool someone into entering their login credentials into a fake page.
“We created this quiz based on the security training we’ve held with nearly 10,000 journalists, activists, and political leaders around the world from Ukraine to Syria to Ecuador. We’ve studied the latest techniques attackers use and designed the quiz to teach people how to spot them.”
Without giving too much away, the quiz asks you to enter a name and email address (real or fictitious) and then to analyze eight online communications such as emails, links, and app login requests. Some are legitimate but the rest are fake. It is not as simple as it sounds. Some approaches are obvious, while others are so subtle that you will question even the non-phishing attempts. But at the end of the day, a bit more skepticism is not a bad thing to have.
If you’re worried you might end up being a victim of a phishing attempt, the best defense is to use two-factor authentication, which makes it impossible for people to access your account even if they have your password.