Recognizing sketchy emails designed to steal your password or trick you into installing malware may be the most important cybersecurity skill one can learn.
People fall for phishing emails every day. In fact, phishing was involved in 70 percent of last year's breaches, according to the Verizon Data Breach Investigations Report. And despite awareness-spreading efforts, phishing still works. Almost 11 percent of people who receive a phishing email fall for it, according to internet security company Cofense.
Alphabet's subsidiary Jigsaw, though, just launched a quiz that hopes to teach people how to spot phishing emails.
The quiz has eight examples of potentially malicious emails, all inspired by real phishing emails Google has seen in the wild.
There is also an example inspired by the emails that tricked Hillary Clinton's campaign manager and veteran Republican politician Colin Powell into giving their passwords to Russian hackers.
As a seasoned cybersecurity reporter, I like to believe my paranoia levels are pretty high, and thus I should be pretty good at spotting phishing emails. But even I was not perfect: I correctly identified seven of the eight emails.
For people who are not as well trained and accustomed to being vigilant as I am, this quiz is a very good opportunity to learn. After each response in the quiz, it explains what signs you should have seen to figure out if the email was legitimate or malicious.
And kudos to Jigsaw for including an example inspired by a Google snafu, where the company sent out a confusing Gmail security alert that looked like a phishing attempt, as well as a massive Google Doc phishing worm that hit around one million users.