Google Offers a Quiz to Help You Identify Phishing Scams

Can you spot when you're being phished? If you paused for a second, you might want to take a phishing quiz designed to demonstrate how to separate fake emails from legitimate ones. The questionnaire is offered by Jigsaw, a technology incubator created by Google and currently operated as a subsidiary of Alphabet Inc. The quiz is based on the company's security trainings held with about ten thousand journalists, activists, and political leaders around the world. No doubt, the inspiration for the tool was the growing number of phishing attacks: according to Jigsaw, one percent of emails sent today are phishing attempts. The worst part is that many hackers seek to gain control over the victim's email address, which is often a gateway to the victim's other accounts, not to mention various sensitive information. Thus, it is only natural that users who want to protect themselves from identity theft must learn how to avoid being phished.

How does the quiz work?

Once you click the TAKE THE QUIZ button, you are asked to provide a made-up name and email address. All you have to do is free your imagination, as you can enter anything you like; the information is needed to make the examples that the test generates more realistic. After clicking the GET STARTED button, you get to see the first situation. The description explains what you should inspect or take a closer look at to determine whether the given email example is phishing or legitimate. It does not matter if you guess right or wrong, as the quiz still shows why the email was fake or genuine. In total, there are eight questions, and each one displays a different type of email message that could appear to be phishing.

How can it help you spot phishing scams?

The Can You Spot When You're Being Phished quiz tells the user where to look before interacting with the emails they receive every day. It is recommended to check the sender's email address. If the message is a phishing scam, the address could be misspelled, or it may differ from the sender's name. If the email claims to come from a specific company, users should search for the email address to verify that the organization is really using it. Another tip the quiz gives is to hover over links in the email, as the URL that appears can reveal where the link actually leads. Completing all of the questions should help you memorize these tips. However, if you do not think one time was enough for them to sink deep into your memory, do the test all over again, and you should have the skills for identifying some of the most common phishing scams the next time you come across a suspicious email.

What are the most popular email phishing scams?

There are lots of different tactics cybercriminals may use, although some of them are employed a bit more often, which is why we list the three most common email phishing scams.

Emails claiming to be from recognized brands

Many users already know they should not trust emails coming from unknown sources. Therefore, it is no wonder many hackers try to pretend to be representatives of well-known brands, for example, PayPal, Google, Dropbox, and so on. The sender's email might look very similar to the one actually used by the company mentioned in the message. It's the same with the links mentioned in such emails, which is why users have to inspect them carefully. Even if it's just a single symbol misplaced in the sender's address or a small random string in the link's URL address, you should be extra cautious. In case you cannot identify whether the email is fake or legitimate, we would recommend contacting the company through a different email address, ideally provided on its official website, to ask whether someone working there could have sent such an email.

“You have won a lottery” emails

Even if you have always dreamed of winning a million dollars, you should not rush to claim your prize if you have never participated in the lottery the phishing email says you have won. The email might claim you will get the money as soon as you click the provided link, where you might be asked to submit your name, address, phone number, bank account number, and other sensitive data. The mentioned sum might tempt you into trying to come up with an explanation of how this could be possible, but eventually, you should accept the fact that this is nothing more than a phishing scam. The best course of action in such situations is to report the phishing email and then erase it. To avoid such scams, it is usually enough to remember a simple rule: if it sounds too good to be true, it is most likely a scam.

Spear phishing

Spear phishing attacks are targeted at various companies. These attacks are rather sophisticated since they require gathering information about the organization and its employees. There are multiple ways the needed details can be obtained, for example, from the company's website, social media accounts, their employees' LinkedIn accounts, and so on. Once the hackers have the targeted victim's name, occupation, work phone number, or other information that would help to create a more convincing message, they send the phishing email and wait till the victim takes the bait. In this case, organizations should try to protect themselves from such scams by educating their employees. No doubt the Can You Spot When You're Being Phished quiz is an excellent place to start.

What extra precautions can you employ to protect your email?

The Can You Spot When You're Being Phished quiz creators highly recommend enabling Two-Factor Authentication, an extra security layer that allows logging in only after a second factor (e.g., a code sent to the user's mobile phone) is provided. If the feature is set up, cybercriminals will be unable to log into your account without providing the second factor, so the profile will be safe even if they obtain the password. Still, Two-Factor Authentication does not guarantee your account will be safe, as hackers may find a way to get around it. Thus, another thing you ought to do is make sure you set up a strong password that you reveal to no one under any circumstances. One of the simplest ways to create a complex passcode is to use a password manager. For example, Cyclonis Password Manager can generate random passwords of up to 32 characters. There is no need to worry about how to memorize such a long combination since the application can do it for you. For more information about its capabilities and benefits, you should continue reading here.

To conclude, the best defense against phishing scams is knowledge. If you know how to spot a fake email, you will not click malicious links or open harmful files. Anyone who has an email account can become a target, so if you do not think you can recognize phishing scams yet, we recommend taking the Google phishing quiz. Of course, to protect yourself against not just phishing, but other attacks too, it is important you continue to educate yourself about cybercrime. If you are up to it, our blog can offer lots of articles with tips on how to defend yourself against cybercriminals.

March 1, 2019
