Everybody loves quizzes. So why not take this
one and hone your phish-spotting prowess?
Google’s technology incubator Jigsaw has
revealed a quiz
that tests users’ abilities to identify phishing attacks. In asking you to
distinguish legitimate emails from phishing scams, the test reveals some of the
most common scenarios that fraudsters use with a view to stealing your
finances, data or identity. It comes complete with to-the-point explanations as
to why this or that message is, or is not, a phishing attack.
According to Jigsaw’s blog post, the test is based on the company’s
security trainings with “nearly 10,000 journalists, activists, and political
leaders around the world from Ukraine to Syria to Ecuador”.
All eight scenarios draw on real-life
techniques deployed by scammers. The examples vary and include files shared via
Google Drive, email security alerts, Dropbox notifications and, of course,
attachments that ask for your immediate attention but are, instead, intended to
download information-stealing malware onto your machine.
Phishing remains the most pervasive of online
cons and has long been a highly effective method for fraudsters to steal
people’s sensitive data. “One percent of emails sent today are phishing
attempts,” according to Jigsaw’s figures.
Indeed, many security incidents begin with a
user simply clicking on a malicious link or opening a dangerous attachment that
is most commonly delivered via email or social media. Even though email
filters do a good job of winnowing out many such scam attempts, some fraudulent
emails will still slip through. That is where phish-spotting skills can be critical, as can anti-phishing
protection that is commonly part of reputable security software.
And, as Jigsaw itself recommends, you should
enable two-factor authentication (2FA) wherever possible, if you
haven’t done so already. The extra factor offers a valuable additional layer of
protection in return for very little effort. It is best implemented via a
dedicated hardware device or delivered through an authenticator app, rather than via text messages (although SMS is still better
than nothing). The availability of various 2FA methods on various online
services can be checked on
this site.
Back to the testing, however: If you got all
the answers right, congratulations! That said, it’s probably better not to be
lulled into a sense of complacency. Many scams can be even more devious and
are, indeed, “difficult to spot even for a trained eye”.
Did you fall for any of the eight examples?
There’s no need to feel ashamed. At least you should have a better
understanding of the threat, making you better equipped to protect yourself
from actual phishing attacks.
If you’re up for some more testing, you may
also want to head over to this questionnaire devised by researchers at the Universities
of Cambridge and Helsinki. The test, which we wrote about last year, will gauge your susceptibility to
falling for online scams and other types of internet crime.