You're a pretty tech-savvy person. You know how to avoid common scams. You can spot phishing e-mails a mile away – even spear phishing e-mails tailored specifically to fool you.
Would you like to put your skills to the test?
Jigsaw offers an online quiz to test your phish-detecting acumen. The quiz, based on the results of multiple worldwide security training sessions, features eight modified examples of real-life phishing scams – including the infamous attack that tricked John Podesta into allowing Russian hackers access to Hillary Clinton's campaign. All quiz questions are challenging and relatively subtle – there are no stereotypical Nigerian princes here. Since Jigsaw is a division of Google, you can trust that it’s legit; Google probably already knows more about you than you suspect!
You're presented with a fictional e-mail and asked to determine whether it's legitimate or a phishing attempt. Once you've made your choice, you're given the answer along with the clue(s) suggesting that the e-mail was either legitimate or fake. (Here's a hint – not all of them are fake.)
You can add your own e-mail address to make the experience seem more realistic – but if that's a bit too realistic for you, simply make up a name and e-mail address. With this feature, the Jigsaw quiz mimics a spear phishing campaign targeted toward you… or your fake persona.
The quiz drives home the need to examine carefully all aspects of any e-mail, from the sending address to any attachments or links involved. Is the e-mail from some person or group that you know, and is that the legitimate e-mail address of that person/group? Does an attachment look odd in some fashion, either the name or the alleged content? Do any included links appear legitimate?
One of the most effective link verification methods is to hover your cursor over a link to check the associated URL. Try it with the quiz link above. Notice the "https", which indicates that your connection to the site is encrypted. (That doesn't by itself make you certain the website is legitimate, but in this case, you could search for "Jigsaw phishing quiz" and the same URL is likely to show up in the search results.)
Look for small variations in the URL or address. Typical methods include a single missing or changed letter, use of a different domain than the legitimate site (such as .co instead of .com), or a misdirection where a legitimate-looking portion of the URL is followed by a different destination.
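The three URL tricks described above can be expressed as a small Python check (an added example, not part of the original article). The allow-list, the sample URLs and the function names are constructed for illustration, and the code assumes simple two-label domains such as example.com.

```python
from urllib.parse import urlsplit

# Constructed allow-list; replace with the domains you actually trust.
TRUSTED = ("example.com",)

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: inserted, deleted or substituted characters."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_link(url: str) -> str:
    """Classify a link's real destination against the allow-list."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    # Assumption: the registered domain is the last two labels (not true for co.uk etc.).
    domain = ".".join(host.split(".")[-2:])
    if domain in TRUSTED:
        return "trusted"
    name, _, tld = domain.rpartition(".")
    for good in TRUSTED:
        good_name, _, good_tld = good.rpartition(".")
        if good in url.lower():
            # Trusted text appears in the URL, but the destination is another domain.
            return "misdirection"
        if name == good_name and tld != good_tld:
            return "different-tld"      # e.g. .co instead of .com
        if edit_distance(domain, good) == 1:
            return "lookalike"          # one missing or changed letter
    return "unknown"

if __name__ == "__main__":
    # Constructed sample links, one per case.
    for sample in ("https://accounts.example.com/signin",
                   "https://exmple.com/login",
                   "https://example.co/",
                   "https://example.com.login-check.test/signin",
                   "https://example.com@login-check.test/"):
        print(f"{check_link(sample):14} {sample}")
```

The check compares plain ASCII text only, so look-alike characters from other alphabets would need separate handling.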
When assessing your real-life e-mails, use secondary confirmation whenever possible. If you think any attachments are worth opening, confirm their legitimacy by sending an independent e-mail to the sender at a known address. Do independent searches to check the accuracy of links.
Most importantly, take your time to view all e-mails, links, and attachments with a critical eye. That's hard to do given the hectic pace of most of our lives (and the staggering number of e-mails received), but it's important. You may be able to spot phishing e-mails when you're faced with a quiz containing some known fakes. Can you spot phishing e-mails when you're distracted by your kids and trying to clear out your inbox in the five minutes you have before commuting to work?
Test your skills on the quiz, approaching it as if you were cleaning out your inbox. If you score poorly, hopefully you'll learn new techniques to quickly spot future phishing scams. Use these techniques to examine all of your e-mails and text messages with greater suspicion.
If you scored 100%, congratulations! You're at the top of your cybersecurity game. Have you considered renting out your services as a fully qualified phish-finder?