Phishing is a persistent problem for businesses and individuals alike, and no matter how much money you spend on phishing protection solutions, there’s always a chance for a malicious e-mail to sneak through. While these dedicated services are an increasingly important component to keep your organization secure, it remains incumbent on your end-users to appropriately handle anything that sneaks through the filters.
Jigsaw, “an incubator within Alphabet”, the parent company of Google, has launched a phishing awareness effort aimed at helping people spot suspicious e-mails before they become a problem. At the center of this effort is a brief quiz to test your ability to distinguish a suspicious e-mail from a legitimate one.
It’s very easy to use, all you need to do is enter a name and e-mail address to get started…they don’t even need to be real. The quiz walks through 8 examples of phishing attempts, some of which were successfully used to hack into the accounts of business leaders and political candidates.
The interface goes a step beyond simply stating whether you guessed right or wrong but highlights the telltale markers that make the e-mail suspicious, and how users can spot them in the wild. Several common phishing methods are covered: domain spoofing, look-alike URLs, and malicious attachments.
While this in no way meant to replace any actual phishing protection or proper training, this quick quiz is something you can share to help raise awareness among the people in your organization. At the very least, it provides an opportunity to get people started on a casual conversation about cyberhygiene that could make proper cybersecurity training easier, and helping your network stay malware-free.