A day after Google was fined $57 million by a French regulator for violating the European General Data Protection Regulation (GDPR), its parent company Alphabet released a quiz designed to assess people’s skills when it comes to spotting phishing attempts.
The initiative was launched by Jigsaw, a division within Alphabet. The quiz stands up eight scenarios to test people’s phishing acumen. In a blog, Jigsaw says the content is based on trainings conducted with nearly 10,000 journalists, activists, and political leaders around the world.
The release of the training is timely, following on the heels of news from last week that 773 million unique emails, and about 21 million unique passwords for third-party sites were exposed. As more data has found its way into the wrong hands due to data breaches and other cyber mishaps, hackers have had more bait to work with and phishing has taken off.
According to Check Point’s recently released Cyber Attack Trends Analysis Security Report, Emotet, one of the most prominent Trojans in the wild, achieved its status as a result of a massive spearphishing campaign that distributed malicious links and attachments. Citing the 2018 IT Professionals Security Report Survey, Check Point reports that 76 percent of organizations experienced a phishing attack in the past year.
That high rate of attack underscores the urgency to train people–as employees or as individuals–to recognize the signs of a phishing attempt. Hackers have become expert at weaving details into credible communications that can trick even the savviest. In fact, reporting on the Jigsaw quiz for Motherboard, Lorenzo Franceschi-Bicchierai writes, “As a seasoned cybersecurity reporter, I like to believe my paranoia levels are pretty high, and thus I should be pretty good at spotting phishing emails. But even I wasn’t perfect: I correctly identified seven of of the eight emails.”
Still skeptical? Listen to a podcast by Gimlet Media about how its team was tricked in an office-wide phishing experiment. Then take the quiz.