It’s Still About the Phish

I came across some articles yesterday that were talking about this phishing test, published by Google. The test covers eight email scenarios and asks you to decide in each scenario if the email is legitimate or fake. What I thought was especially valuable is that Google will then tell you why a given email is or isn’t legitimate, and what to look for to figure that out. This screenshot will give you one example.

Sample explanation

We’ve written about phishing and phishing tests a lot (here’s one recent post). That’s intentional: phishing is the Bad Guys’ favorite way to steal user credentials. And compromised user credentials are by far the most common method of breaching an organization’s network.

A Fun Way to Learn More About Phishing

I found all the examples in Google’s phishing test relevant; some are examples of legitimate emails and others… not so much. This phishing test doesn’t substitute for an ongoing program of education and awareness-building around phishing techniques (you’re doing that, right??). But it’s a brief diversion that will give your users some nice education on how to spot a phishing attempt. We’ve found that users are more receptive to a phishing test when you position it as teaching valuable Internet safety skills that are useful in the user’s personal as well as work life.

So, check this phishing test out, and share it with your user community. Of course, you’ll want to let them know in advance that your message isn’t itself a phishing attempt 🙂
