With A Quiz, Google Wants To Teach People How To Spot Phishing Attacks

There are many ways to hack, and one way to extract as much information as possible from unsuspecting victims is through phishing scams.

It is not only internet newbies who fall for such tricks; even experienced web users can fall for the scam if they are not careful. This is one of the reasons why Google has introduced a phishing quiz.

The project by Jigsaw, a subsidiary of Google parent company Alphabet Inc., is a quiz where people can take a test to know how well they recognize malicious emails.

It displays several examples of common phishing techniques, including the hyperlink trick that disguises a domain name to look like a real web address, but actually leads to a scam site.

In most of the tests, it teaches users easy ways to be more secure by paying closer attention, for example by hovering over links in an email before clicking.

In a blog post, Jigsaw product manager Justin Henck said that:

" ... every day millions of people click on bogus links in phishing emails — messages designed to steal your password or make you download malware. That’s why we created a quiz that helps you learn to better spot phishing emails, complete with the latest tricks and techniques."

“We created this quiz based on the security trainings we’ve held with nearly 10,000 journalists, activists, and political leaders around the world from Ukraine to Syria to Ecuador,” writes J. “We’ve studied the latest techniques attackers use, and designed the quiz to teach people how to spot them.”

Google - phishing quiz

Henck also said that phishing is, by far, the most common form of cyberattack.

Phishing scams aren’t limited to email, as there are also phone-specific phishing scams. But email scams are fairly common.

With one percent of emails sent being phishing attempts, it is certainly a more serious threat than messages from people offering money, such as the Nigerian prince scam.

The goal of a phishing scam is to steal people's login credentials. Attackers send appealing messages that can include links where recipients are asked to enter their personal information or password. Falling for this trick gives the attackers easy access to the victim's account.

Gmail and other top email services can catch the vast majority of these bogus messages. But still, some may pass through, and some people may still fall for them.

"Some of the most famous examples of hacking and cyber-theft began with phishing," continued Henck. "In 2016 hackers affiliated with the Russian intelligence services sent a carefully crafted spear-phishing email to John Podesta, Hillary Clinton’s campaign manager, and (because he didn’t have two-factor authentication enabled) they gained access to his email account."

The best protection against phishing is two-factor authentication.

When this security feature is enabled, users need to authenticate themselves using more than one method. This means that even if an attacker is able to steal a user's password, they won't be able to access that account without the second authentication method.

But still, if users can spot the phishing attempts aimed at them in the first place, things would be a lot better for them.

Published: 23/01/2019