Can you spot the phish? Take Google’s test


Everybody loves quizzes. So why not take this one and hone your phish-spotting prowess?

Google’s technology incubator Jigsaw has revealed a quiz that tests users’ abilities to identify phishing attacks. In asking you to distinguish legitimate emails from phishing scams, the test reveals some of the most common scenarios that fraudsters use with a view to stealing your finances, data or identity. It comes complete with to-the-point explanations as to why this or that message is, or is not, a phishing attack.

According to Jigsaw’s blog post, the test is based on the company’s security trainings with “nearly 10,000 journalists, activists, and political leaders around the world from Ukraine to Syria to Ecuador”.

All eight scenarios draw on real-life techniques deployed by scammers. The examples vary and include files shared via Google Drive, email security alerts, Dropbox notifications and, of course, attachments that ask for your immediate attention but are, instead, intended to download information-stealing malware onto your machine.

Real or fake? (Source: Jigsaw)

Phishing remains the most pervasive of online cons and has long been a highly effective method for fraudsters to steal people’s sensitive data. “One percent of emails sent today are phishing attempts,” according to Jigsaw’s figures.

Indeed, many security incidents begin with a user simply clicking on a malicious link or opening a dangerous attachment, most commonly delivered via email or social media. Even though email filters do a good job of winnowing out many such scam attempts, some fraudulent emails will still slip through. That is where phish-spotting skills can be critical, as can the anti-phishing protection that is commonly part of reputable security software.

And, as Jigsaw itself recommends, you should enable two-factor authentication (2FA) wherever possible, if you haven’t done so already. The extra factor offers a valuable additional layer of protection in return for very little effort. It is best implemented via a dedicated hardware device or delivered through an authenticator app, rather than via text messages (although SMS is still better than nothing). The availability of various 2FA methods on various online services can be checked on this site.

Back to the testing, however: If you got all the answers right, congratulations! That said, it’s probably better not to be lulled into a sense of complacency. Many scams can be even more devious and are, indeed, “difficult to spot even for a trained eye”.

Did you fall for any of the eight examples? There’s no need to feel ashamed. At least you should have a better understanding of the threat, making you better equipped to protect yourself from actual phishing attacks.

If you’re up for some more testing, you may also want to head over to this questionnaire devised by researchers at the Universities of Cambridge and Helsinki. The test, which we wrote about last year, will gauge your susceptibility to falling for online scams and other types of internet crime.

written by Tomas Foltyn, ESET We Live Security

