Phishing attacks: how to avoid being scammed
New Google quiz aims to educate users about risks of responding to fraudulent messages
Google has developed an online quiz to help alert web users to one of the most common scams on the internet.
Created by the company’s experimental technology subsidiary Jigsaw, the series of eight questions and email examples is intended to raise awareness about the dangers of phishing, a cyberattack that fools users into handing over sensitive information, says The Verge.
“Every day millions of people click on bogus links in phishing emails - messages designed to steal your password or make you download malware,” Jigsaw says in a blog post.
“That’s why we created a quiz that helps you learn to better spot phishing emails, complete with the latest tricks and techniques.”
According to Jigsaw, phishing is “by far” the most prevalent form of cyberattack, representing 1% of all emails sent today.
The newly launched quiz includes material that the firm uses to help train journalists, political figures and activists to spot “spammy emails” that may contain links to phishing scams, reports Engadget.
Quiz takers have to decide whether each of the examples given is “phishing” or “legitimate”.
One shows an email that says the user has “received a new fax message”, says the Daily Mail. Although the example looks legitimate, the email address is “efacks.com”, rather than the legitimate “efax.com” - an easy-to-overlook misspelling that users may mistake for the real thing.
What are phishing attacks?
Essentially, a phishing attack tricks web users into handing over sensitive information, such as email addresses and passwords, to scammers.
This is often done through spam emails that ask users to click on a link and submit their details. The websites these links lead to often look legitimate and may be a copy of a real site.
Scammers can also use phishing emails to “download malware onto your computer to log your keystrokes as you’re typing”, says Digital Trends. The malware then sends the data back to the bad actors, who try to use the information to determine your passwords.
How do you spot them?
Although phishing emails often look legitimate, there are a number of signs that give the game away.
Scam emails may contain spelling mistakes, or web addresses different to the ones mentioned in the message, says gadget news site TechRepublic.
Emails that claim to come from a government agency or demand money are usually fake. For instance, HMRC will only request a payment through the post or directly through your employer.
Can you avoid them?
Yes. If an email displays some of the signs listed above, the best course of action is to simply delete the message.
If you do click on a link in an email that you suspect may be spam, look at the web address at the top of the page to check whether it’s a legitimate link, says PCMag.
In the worst-case scenario, if you’ve input a password, the best course of action is to reset your passwords for your online accounts and install anti-virus software.
And to protect against incidents such as these in the future, Jigsaw recommends that users have two-factor authentication enabled, which requires you to enter a password and a secure verification code each time you log in.