Congratualtions! Youve just won a free luxury cruise too Bahamas. You must urgently reply to this e mail with your complet creditcard information in the next 24-hours to collect your prize. — Most sincerely, His RoyalHighness, King of Nigeria
You're probably rolling your eyes at this obvious example of a scam email — you'd never be gullible enough to fall for something like that. These information-soliciting scams (commonly known as phishing) are extremely common on the internet today, especially in email form. Although most of them are easy to spot, we should never allow this to lull us into a false sense of security. More advanced phishing attacks can be difficult to detect, and many of them are targeted “spear phishing” attacks that leverage knowledge of the victims to appear more convincing.
One of the keys to detecting phishing attacks is attention to detail. Emails from unknown senders filled with obvious misspellings, like the example above, are easy to spot. An email that closely imitates a legitimate message is much harder to detect. To teach users how to distinguish legitimate emails from dangerous ones, Google created a short interactive quiz at phishingquiz.withgoogle.com.
Ironically, the phishing quiz begins with a form that asks for a name and email address. At first we thought this was a sneaky trick question, since it'd be a perfect opportunity for someone imitating Google to collect data under the guise of a quiz — a true double-cross. However, it clearly says you can use a made-up name, and we know from past experience that the domain this site is hosted on (withgoogle.com) is legitimate. Feel free to enter “John Smith” to start the quiz, and then see how you fare against the 8 examples.
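The domain check described above can be made mechanical. The following is an added example, not part of the original article or of Google's quiz: it compares a link's real hostname against a trusted domain and shows why substring matching is not enough. The function names and every sample URL other than phishingquiz.withgoogle.com are constructed for illustration, and the code assumes that subdomains of a trusted domain are themselves trusted.

```python
from urllib.parse import urlsplit

# The domain the article names as legitimate; extend as needed.
TRUSTED_DOMAINS = {"withgoogle.com"}

def host_of(url):
    """Return the normalized hostname of an http(s) URL, or None."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return None
    if parts.scheme not in ("http", "https"):
        return None
    host = parts.hostname  # excludes any "user@" prefix and ":port" suffix
    if not host:
        return None
    host = host.rstrip(".").lower()
    try:
        # Convert non-ASCII lookalike characters to their xn-- form so
        # they can never compare equal to the ASCII trusted name.
        return host.encode("idna").decode("ascii")
    except UnicodeError:
        return None

def is_trusted(url, trusted=TRUSTED_DOMAINS):
    """True only if the host is a trusted domain or a subdomain of one."""
    host = host_of(url)
    if host is None:
        return False
    # Match on whole labels: "x.withgoogle.com" passes,
    # "evilwithgoogle.com" and "withgoogle.com.evil.example" do not.
    return any(host == d or host.endswith("." + d) for d in trusted)

# Constructed sample links; only the first two point at the real domain.
SAMPLES = [
    "https://phishingquiz.withgoogle.com/",
    "https://PhishingQuiz.WithGoogle.com./start",
    "https://withgoogle.com.quiz-login.example/",          # trusted name as a prefix
    "https://phishingquiz-withgoogle.com/",                # hyphen instead of a dot
    "https://phishingquiz.withgoogle.com@login.example/",  # trusted name in userinfo
    "https://phishingquiz.withgo\u043e\u043egle.com/",     # Cyrillic "o" lookalikes
]

if __name__ == "__main__":
    for link in SAMPLES:
        print("trusted " if is_trusted(link) else "SUSPECT ", link)
```
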
For more information on phishing attacks and how to avoid them, refer to our previous article, Can You Spot the Signs of a Phishing Scam?