Phishing came up during a discussion in an ITGS class this week, and it became clear to me that many students haven’t heard of the term before and weren’t clear how to distinguish genuine emails from fraudulent ones. One suggestion was to ‘click it and see’. Given that some sophisticated phishing emails can drop a payload just by opening the email, this is probably not a great idea. I’ve posted examples of phishing emails and how to detect phishing emails before, but here are three anti-phishing quizzes to act as a quick reminder.
Google Anti-Phishing Quiz
This anti-phishing quiz was created by Google in response to massive phishing attacks targeting its users in 2017. The quiz reconstructs typical emails users might receive from genuine businesses and phishers. The advantage of this approach is that elements such as links can be ‘hovered’ over to see their true destination – an important technique for detecting phishing. Note that the name and email you have to ‘sign up’ with at the start of this quiz can be totally fictitious – it is just used to make the emails more realistic. Take the quiz here.
SonicWall Phishing IQ Test
This is another quiz that uses screenshots of actual phishing emails. These cover a range of ‘traditional’ phishing attempts, including the ‘classic’ DHL package tracking emails and the ‘Your PayPal account has been suspended’ messages. Still, these types of emails are only common because they work… You can take the test yourself here.
Accellis Anti-Phishing Quiz
The Anti-Phishing Quiz from Accellis Technology Group uses screenshots of actual phishing emails to test users. The examples use many of the tricks employed by real-world attackers, including look-alike domains. You can take the quiz here.