and its sister company, Jigsaw, made a quiz that you can
use to test your ability to spot phishing emails designed to
gain access to your personal information.
- The quiz shows you eight fishy email templates to see whether
you can tell the legitimate emails apart from those intended to
steal your data.
The average user receives
16 malicious emails a month, so it’s more important than
ever to be aware of what to look out for when sorting through
Phishing emails aren’t always as obvious as Nigerian princes
asking for money.
Hackers have advanced in their practices, and it’s become a lot
harder to tell whether that suspicious-looking email is legit. In
fact, more than 75% of organizations surveyed in an
annual cybersecurity report from Wombat Security said they
had experienced phishing attacks in 2017.
This is why Google and Jigsaw – a security-focused tech incubator
owned by Alphabet, Google’s parent company – teamed up to
create a quiz that measures your ability to
determine which emails seem to be phishing attempts. The
eight-question quiz takes you through various email examples and
asks you to decide whether the emails are designed to gain access
to your passwords and sensitive information.
The examples in the quiz are inspired by real phishing emails,
Google said. This includes a
phishing attempt in May 2017 from hackers that sent emails
with fake Google Doc links.
Here’s how the quiz works.
Before getting started, you’ll be asked for a name and email to use for the quiz. Don’t worry — they can be fake or decoy inputs, since they’re used only to create the email templates for the quiz.
The quiz has eight questions, each with a different email setup based on real-life phishing emails. It’s up to you to decide whether each email is a phishing attempt or a legitimate message.
It’s possible to determine the legitimacy of each email by digging around in its contents a bit first. Hovering over any link in the email will bring up the button’s URL, which you can use to determine if the email is the real deal.
The email in the quiz isn’t real, so clicking on a link in the
body won’t bring you anywhere. But remember that doing so on a
real phishing email would give hackers access to your
You can also open up the header in the sample email to explore more details about the message and its sender. In doing so, you can see more clearly if the sender is someone you know, and if the sender’s email is one you recognize.
After you make your guess about each email’s legitimacy, the quiz will walk you through the steps you can take to check out an email’s details and better determine whether it’s a scam or not.
But that’s only the first email sample of the eight in Google’s quiz. The second question tests your aptitude for spotting lookalike URLs that could trick you into clicking.
This one makes you pay special attention to the identity of the sender and encourages you to double-check the bogus-looking Google Drive link.
This email mirrors messages people may get from online storage sites, such as Dropbox.
This template tests your trust of suspicious-looking PDFs, which can often include malware or viruses. Google suggests opening files first in an online service, like Google Drive, to ensure you don’t download a virus directly to your computer.
Google said this email looks almost identical to a phishing attack used to successfully hack politicians’ emails.
An email similar to this was used to target think tanks and politicians. This email shows that suspicious links can be hidden within real-looking URLs.
This email sample reminds you to be cautious when deciding whether to grant account access to developers. Emails like this from Google are common, but it’s important to make sure you check the domain details to ensure it’s actually from Google.
No matter how well you do on the quiz, you can use the phishing examples to look out for sketchy-looking messages in the future.
You can take the
quiz for yourself to see if you can spot when you’re being