Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Email Security

Alphabet’s Jigsaw Helps Users Identify Phishing Attacks

Jigsaw, a unit of Google’s parent company Alphabet, on Tuesday made available a quiz that tests users’ ability to identify phishing attacks and teaches them what signs to look for to determine whether an email or webpage is legitimate or not.

Jigsaw, a unit of Google’s parent company Alphabet, on Tuesday made available a quiz that tests users’ ability to identify phishing attacks and teaches them what signs to look for to determine whether an email or webpage is legitimate or not.

The quiz first instructs users to enter a name and email address, which will not be stored anywhere, but will help make the quiz more realistic, Jigsaw says.

Users are shown eight different pages and for each of them they have to say if it’s part of a phishing attack. The user is given hints on what to look for in each case.

Once the “phishing” or “legitimate” button is pressed, the individual taking the test is informed whether the response was correct or not, and an explanation is provided for each of the elements that could point to a potential phish.

The emails include financial-themed messages, fax notifications, messages that appear to be personal and link to a photo, Dropbox notifications, and security alerts. The last test involves a page where the user is asked to allow an app to access their email messages and settings.

Jigsaw phishing quiz

Once the quiz has been completed, the user learns how many of the tests they’ve passed and they are provided a link to Google resources for securing their account.

“Kudos to Jigsaw for building greater consumer awareness on this important topic. This is a solid effort that clearly highlights how crafty modern phishing emails can be,” commented Michael Madon, SVP & GM, security awareness at Mimecast. “But this crash-course is no substitute for ongoing initiatives by IT security leaders to tackle this education problem and truly change the security culture of an organisation.”

“Employees need compelling reasons to care about security. Mimecast’s training data analysis shows that individual risk scoring is a key factor. When used alongside humorous content, the passive resistance most employees have to training can be broken down,” Madon added. “Email security controls can be modified depending on the organisation’s own security stance, real inbound threats and the training scores of employees.”

Advertisement. Scroll to continue reading.

Related: Phishers Use Zero-Width Spaces to Bypass Office 365 Protections

Related: Evasive Malware, Meet Evasive Phishing

Related: Latest Phishing Technique Uses Fake Fonts to Evade Detection

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join SecurityWeek and Hitachi Vantara for this this webinar to gain valuable insights and actionable steps to enhance your organization's data security and resilience.

Register

Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

People on the Move

Threat intelligence firm Intel 471 has appointed Mark Huebeler as its COO and CFO.

Omkhar Arasaratnam, former GM at OpenSSF, is LinkedIn's first Distinguised Security Engineer

Defense contractor Nightwing has appointed Tricia Fitzmaurice as Chief Growth Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.