I’m a big believer in learning by doing. There are certain things that are difficult to fully understand or appreciate until you’ve experienced them yourself.
A phishing attack should probably not be one of those things.
If you’re not up to speed on cybersecurity lingo, let’s start with a definition. Phishing is an attack in which someone tries to get hold of sensitive information, or to get you to take a harmful action, by impersonating a person or organization you already trust.
Phishing usually arrives by email. The attacker might pose as a colleague to harvest your login credentials, for example, or as your bank to obtain your credit card number and social security number. Unlike attacks that exploit a flaw in software, phishing exploits people: the whole point is to convince you that the message came from a legitimate, trustworthy source, so that you click a link to a forged website or open an attachment carrying malware. Often the forged page or file looks exactly like what you’d expect, and only small details give it away: a link whose domain doesn’t match the supposed sender, a slightly off logo, or contact details that don’t match the real organization’s.
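The “weird URL” giveaway mentioned above can be made mechanical. Below is an added example, not code from the original post or from Google’s quiz, that inspects a link the way a careful reader would: it checks the scheme, looks for a raw IP address or a punycode (xn--) label, catches the trick of putting a trusted brand before an @ or inside a subdomain of an unrelated domain, flags one-character lookalikes such as a digit 1 standing in for a lowercase l, and compares the visible link text against where the link really points. The trusted-domain list, the two-label approximation of a registered domain and every sample URL are constructed assumptions for illustration.

```python
"""Heuristic checks for links of the kind phishing e-mails hide behind.

Added example, not from the original post. TRUSTED_DOMAINS and the test
URLs are constructed for illustration; a real deployment would use its own
allow-list and the Public Suffix List instead of registered_domain() below.
"""
import ipaddress
from urllib.parse import urlsplit

# Hypothetical allow-list of domains the recipient legitimately deals with.
TRUSTED_DOMAINS = {"google.com", "paypal.com", "dropbox.com"}


def registered_domain(host: str) -> str:
    """Approximate the registrable domain as the last two labels.

    Good enough for .com-style names; 'example.co.uk' would need the
    Public Suffix List to be handled correctly."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch one-character lookalike domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def inspect_link(href: str, display_text: str = "") -> list[str]:
    """Return human-readable reasons a link looks like a phishing lure.

    An empty list means nothing suspicious was found, not that the link is safe."""
    findings = []
    parts = urlsplit(href)
    netloc = parts.netloc.lower()
    host = (parts.hostname or "").lower()

    if parts.scheme not in ("http", "https"):
        findings.append(f"unexpected scheme {parts.scheme!r}")
    elif parts.scheme == "http":
        findings.append("cleartext http link")

    # Anything before '@' is userinfo; browsers connect to what follows it.
    if "@" in netloc:
        findings.append("userinfo before '@': the real host is what follows it")

    try:
        ipaddress.ip_address(host)
        findings.append("raw IP address instead of a hostname")
    except ValueError:
        pass

    if any(label.startswith("xn--") for label in host.split(".")):
        findings.append("punycode label (possible homoglyph domain)")

    reg = registered_domain(host)
    if host and reg not in TRUSTED_DOMAINS:
        for trusted in TRUSTED_DOMAINS:
            brand = trusted.split(".")[0]
            if brand in netloc:
                # Brand name used as bait in a subdomain or in the userinfo.
                findings.append(f"'{brand}' appears in the link but the registered domain is {reg}")
            elif edit_distance(reg, trusted) == 1:
                findings.append(f"{reg} is one character away from {trusted}")

    # Visible link text that itself looks like a URL but names a different host.
    shown_text = display_text.strip()
    if shown_text and " " not in shown_text:
        shown = urlsplit(shown_text if "://" in shown_text else "https://" + shown_text)
        shown_host = (shown.hostname or "").lower()
        if "." in shown_host and shown_host != host:
            findings.append(f"link text shows {shown_host} but the link points at {host or href}")

    return findings


if __name__ == "__main__":
    # Constructed sample links, a mix of legitimate and lookalike.
    for text, url in [
        ("https://accounts.google.com", "https://accounts.google.com/signin"),
        ("https://accounts.google.com", "https://accounts.google.com.evil.example/signin"),
        ("Log in", "https://paypa1.com/login"),
        ("https://www.google.com", "https://www.google.com@evil.example/"),
        ("Open document", "http://192.168.0.10/login"),
    ]:
        print(url, "->", inspect_link(url, text) or "no findings")
```

The checks are deliberately cheap and local: they need no network lookups, so they can run over every link in a message before anything is clicked. They are heuristics, not proof; a clean result for a link on an unknown domain still deserves the same suspicion as an unexpected email.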
Spotting phishing attacks certainly gets easier with practice, but for (hopefully) obvious reasons, you shouldn’t go around clicking every button in every email you receive.
Fortunately, Google recently launched a quick, interactive quiz that allows you to practice discerning fraudulent messages from real ones.
The quiz was designed to be as realistic as possible. The interface looks like an everyday email window, and some of the emails are actually based on real-world attacks. You can click around and make mistakes without putting yourself or your organization at risk. And you will make mistakes—I got a measly 5/8 my first time around.
For the sake of cybersecurity literacy, take the 2-minute quiz right now—and see if you can beat my score.