MANILA, Philippines – Think you’re an expert at spotting email scams that try to phish for your data? A test made by Alphabet subsidiary Jigsaw, a technology incubator, can help gauge your ability.
The test is made up of 8 items that show you sample emails which you judge either as “phishing” or “legitimate.” You test an email by hovering over the contained links to see where they might lead, the email sender, or various typographical cues.
The most common strategy employed by the scammers, based on the test, is the look-alike URL. At first glance, the URL might seem like it came from a trusted source such as, say, Google Drive. But a closer look will often reveal that the real URL can be spotted in another part of the string.
Be specially wary of long URL strings, and look out for the real domain the link may be sending you to. For example, one phishing link had a URL of “drive--google.com.” Google said they had no such address, except for “drive.google.com.”
After you answer, the test shows you the parts of the email that would’ve told you that it wasn’t a legitimate email. It’s a nice, little brush-up for those who are already pretty adept at identifying phishing emails, and informative for those with less experience.
The test items are also based on real-life phishing campaigns. “One example is based on a legitimate Google security alert that appeared to be a phishing attack, while another was inspired by the email Russian hackers used to dupe John Podesta to get access to Hillary Clinton’s campaign,” said Gizmodo.
Funnily, the test URL isn’t the most familiar-looking for most Google users: phishingquiz.withgoogle.com. We’ve checked it though, and putting in withgoogle.com redirects to the main Google search page. Maybe it’s part of the test? – Rappler.com