I almost got phished last week by a very genuine-looking email from Energy Australia. It was genuine enough that I clicked on it and was only saved by a warning from Google that there be monsters where I was heading. Of course the thing that should have alerted me to a problem was the email address, but everything else was so well done (and I was so concerned about the amount) that I only noticed that after the fact.
Google, or rather one of its sister organisations within the Alphabet Group, is concerned enough about phishing that it’s made a little quiz or game to teach you what to look for. It’s worthwhile taking a couple of minutes to run through it and just check you know what’s what.
It is a little disconcerting that the first page asks you for a name and email (wouldn’t an anti-phishing lesson be a great way to phish?) but you don’t need to, and in fact shouldn’t, use real ones.
The quiz is drawn from materials used to train thousands of journalists, political figures and activists, so it’s very real stuff.
Apparently one percent of all emails are phishing emails. In contrast to things like the old Nigerian scams, phishing emails don’t come with deliberate errors to weed out false positives. They are not trying to suck the gullible into engaging; all they are after is your ID and password, so the emails aim to look as legitimate as possible.
As the quiz’s creators point out: “The best protection against phishing is two-factor authentication. When you have two-factor authentication enabled, even if an attacker successfully steals your password they won’t be able to access your account.”
The quiz can be found here.