Go phishing with Google

Google is inviting you to go on a special phishing expedition with them – and I think you should take the trip. The only question is timing: Should you go when fully awake or when half-asleep?

The phishing expedition is an eight-question quiz organized by Jigsaw, a special Google think tank. It gives examples of real-life phishing attempts, asks you to distinguish between the real and the fake emails, then explains what you really should have done.

Why phish?

Phishing is a huge security issue on the internet. Google estimates that an incredible one percent of all emails are phishing attempts. While some attempts may seem laughably unprofessional, others are sly enough to have tricked some well-known political figures. Jigsaw also used the real-life experiences from nearly 10,000 politicians, journalists, and activists to create this test. In fact, you will see something very much like the email received by John Podesta, Hillary Clinton’s campaign manager, which resulted in the Democratic Party’s servers being hacked and leaked.

No catch

To take the test, just go to the quiz and enter a name and email address – anything. This is not a data collection exercise (at least as far as I could tell). These details are incorporated into the quiz’s phish/nonphish emails, making them more realistic.

Jigsaw is addressing two points in the quiz. First, use two-factor authentication (that would have saved John Podesta’s career). Second, identifying phish is not as easy as one would think (but following some common rules will help). “We hope this quiz creates a fun way to learn about some of the most common phishing tricks,” wrote Justin Henck, Jigsaw Product Manager.

How awake should you be?

The real issue is how awake a person should be when taking the test. On the alert side, Jigsaw gives a number of small pointers on how to spot phishing emails, such as hovering over links, checking for fake URLs, and doing Google searches for suspect email addresses. These are valuable things to remember. On the asleep side, there is reality: many people are half asleep and/or stressed when going through their inbox – like John Podesta. As a learning experience, the first is definitely better. As an approximation of real life, there is that second option.

Again, remember the 2FA

Once again, regardless of how you score, remember to set up two-factor authentication for all of your online accounts. At least for your online life, it could be a lifesaver.


As a PR Consultant and journalist, Frink has covered IT security issues for a number of security software firms, as well as provided reviews and insight on the beer and automotive industries (but usually not at the same time). Otherwise, he’s known for making a great bowl of popcorn and extraordinary messes in a kitchen.