Recognizing sketchy emails designed to steal your password or trick you into installing malware may be the most important cybersecurity skill one can learn.
People fall for phishing emails every day. In fact, phishing was involved in 70 percent of breaches last year, according to the Verizon Data Breach Investigation Report. And despite awareness-spreading efforts, phishing still works. Almost 11 percent of people who receive a phishing email fall for it, according to internet security company Cofense.
Alphabet’s subsidiary Jigsaw, though, just launched a quiz that hopes to teach people how to spot phishing emails.
The quiz has eight examples of potentially malicious emails, all inspired by real phishing emails Google has seen in the wild.
There’s even an example inspired by the emails that tricked Hillary Clinton campaign manager and veteran Republican politician Colin Powell to give their passwords to Russian hackers.
As a seasoned cybersecurity reporter, I like to believe my paranoia levels are pretty high, and thus I should be pretty good at spotting phishing emails. But even I wasn’t perfect: I correctly identified seven of of the eight emails.
Got a tip? You can contact this reporter securely on Signal at +1 917 257 1382, OTR chat at email@example.com, or email firstname.lastname@example.org
For people who are not as well trained and accustomed to being vigilant as I am, this quiz is a very good opportunity to learn. After each response in the quiz, it explains what signs you should have looked at to figure out if the email was legitimate or malicious.
And kudos to Jigsaw for including an example inspired by a Google snafu, where the company sent out a confusing Gmail security alert that looked like a phishing attempt, as well as a massive Google Doc phishing worm that hit around one million users.
Listen to CYBER, Motherboard’s new weekly podcast about hacking and cybersecurity.