As we’ve shifted to an online world, we’ve sadly seen a huge increase in the quantity and sophistication of phishing attacks.
Just in case mention of that term had you pondering picking up gumboots and long lines and dreaming of trout, that’s fishing. Totally different thing.
Phishing is the term used to describe fraudulent ways to gain access to systems and information, whether that’s your personal details for the purposes of identity theft, or access to your online bank accounts for more traditional stealing activities.
Google recently launched a phishing quiz to help everyday web users identify phishing attacks, and it’s a very smart approach. I’d highly encourage you to give it a go — you can find it at https://phishingquiz.withgoogle.com/ — because whether you ace the quiz or flunk it entirely, there’s plenty to be learned. It’s part of Google’s wider efforts to make the web a safer place, alongside efforts to highlight insecure URLs for domains not using HTTPS encryption, and other measures.
The quiz itself encourages you to enter a name and email, and it actively encourages you to use a fake one, not that it captures this data regardless. Then again, it’s Google-based, and it probably already knows who you are anyway.
It then walks you through common phishing scenarios to see if you can correctly pick legitimate emails from their more fraudulent counterparts. Whether you get it right or wrong, you’re walked through what to look for and what to check for when a new email comes in, which is again, a smart approach.
If you’re right, it’s a refresher in what you should be doing with real email, and if you’re wrong, it’s the first step in learning what to look out for.
What I found fascinating in taking the test is how many very simple techniques scammers use when phishing in order to lure in their prey. While the visuals are more sophisticated, there’s a mix of straight up technological obfuscation at play — because the scammers want to appear as though they’re actually your work colleagues, bank or other important business you deal with — there’s also an element of psychological manipulation to deal with as well.
That’s why while it’s important to keep an eye out for more obvious clues, such as email addresses or URLs that don’t quite resolve where they should if you hover your mouse over them — it’s also important to stay calm when opening email, even if it appears alarming. Much of what works within a phishing approach does so because they try to short-circuit your logical thinking processes. That can come either by appearing to be from a friendly source, so they look like a zipped up bunch of photos from your significant other, or by making you outright panic with a warning about warrants for your arrest, lockdown of your valuable online accounts, or even just a simple request to reset your password following a “breach” of your account.
So what should you do in all cases? Check the URLs (or email addresses) of any email asking you to open a link or attached file carefully. Keep your anti-malware software up to date, because that way if you do accidentally click on the wrong URL, you’re at least a little safer if your software intercepts the dodgy URL before loading anything. But above all, use your brain when assessing an incoming message. If it looks dodgy, or it’s trying to make you panic, think twice, and possibly contact the individual (or business) directly. If there’s a genuine issue to resolve, you’ll still be on top of it, but if it’s a phishing scam, you’ll stop it affecting you outright.