Jigsaw, an experimental incubator project at Google tasked with trying to solve problems in the tech world, has set a phishing test to see how easily we can be scammed. The test is free and well worth the few minutes it will take as it not only tests whether you can tell the difference between legitimate and phishing email but also educates you on the differences.
The phishing quiz only takes a short time to complete. It’s not the easiest phishing test I’ve tried. When I ran through it, I didn’t spot any really terrible grammatical errors or poorly written messages.
All of the emails, at first glance, looked legitimate. It was only after closely checking the sender’s email address and mousing over links to check addresses thoroughly that I could tell which messages were most likely scams.
At the start of the process, you’re asked to provide a name and email address. In my case, I used my Gmail address and one of the messages looked like it specifically targeted a service I use. I’m a fan of using TripIt to manage my travel and I received a message in the test that specifically used TripIt.
There were also similar test messages that used Dropbox and Google Drive. But that’s not surprising seeing as many people will have access to those services.
After answering each question, you’re told whether you correctly picked the phishing message and then receive some quick notes on why each specific message may or may not be an attack.
Jigsaw has published a blog about the phishing test, saying the quiz is based on what they’ve learned from security training with 10,000 journalists, activists, and political leaders around the world. They have looked at the latest techniques attackers use.