Did you fall for it? Don’t be too hard on yourself if you did: every day millions of people click on bogus links in phishing emails — messages designed to steal your password or make you download malware. That’s why we created a quiz that helps you learn to better spot phishing emails, complete with the latest tricks and techniques.
Phishing is, by far, the most common form of cyberattack. One percent of emails sent today are phishing attempts. And it often represents a more serious threat than the nuisance offers for free money we’ve all seen in our inboxes.
Phishing is about stealing your password. Attackers send you an appealing message — maybe free money, a faraway prince who needs your help, or a bogus security alert — that includes a link where you’re asked to enter your personal information or password, giving attackers access to your account. Gmail and other top email services catch the vast majority of these bogus messages, but you’ve probably seen an example.
In the case of more sophisticated attackers, phishing messages might look like a legitimate email written by someone you know. These so-called “spear-phishing” attacks are often one of the first steps of larger cyberattacks, where attackers use a carefully constructed email to fool someone into entering their login credentials into a fake page.
We created this quiz based on the security trainings we’ve held with nearly 10,000 journalists, activists, and political leaders around the world from Ukraine to Syria to Ecuador. We’ve studied the latest techniques attackers use, and designed the quiz to teach people how to spot them.
Some of the most famous examples of hacking and cyber-theft began with phishing. In 2016 hackers affiliated with the Russian intelligence services sent a carefully crafted spear-phishing email to John Podesta, Hillary Clinton’s campaign manager, and (because he didn’t have two-factor authentication enabled) they gained access to his email account.
The best protection against phishing is two-factor authentication. When you have two-factor authentication enabled, even if an attacker successfully steals your password they won’t be able to access your account. We also offer a Chrome extension called Password Alert that protects you from entering your Google password in a fake login page.
But the second-best protection against phishing is knowing how to spot it in the first place. It’s not always as easy as it looks — attackers have become more sophisticated at making their phishing attempts seem legit. Try taking our Phishing Quiz and see if you get spot all the fakes. We hope this quiz creates a fun way to learn about some of the most common phishing tricks.