Welcome to WebmasterWorld Guest from 54.210.61.41

Forum Moderators: open

How to spot a phishing e-mail

     
4:26 pm on Jan 23, 2019 (gmt 0)

Administrator from GB 

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:May 9, 2000
posts:25850
votes: 847


Google's Jigsaw has a little questionnaire devised to help people identify phishing attacks.

It's always worth a look, but it's especially important that friends and family that are not so savvy get the chance to test themselves.

[phishingquiz.withgoogle.com...]
5:01 pm on Jan 23, 2019 (gmt 0)

Senior Member

WebmasterWorld Senior Member Top Contributors Of The Month

joined:Apr 1, 2016
posts:2366
votes: 630


6/8 I missed the last two. This just goes to show how vigilant one must be.
6:05 pm on Jan 23, 2019 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member lucy24 is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month

joined:Apr 9, 2011
posts:15452
votes: 739


I missed the last one--but that was an err-on-the-side-of-caution mistake, which is definitely better than the alternative. (In real life it would probably be followed by an email saying “We were unable to complete suchandsuch action--which you asked us to do--because reasons.”)

Then again, I may have missed the point of the quiz, since I solved all of them simply by looking at the target URL.
6:28 pm on Jan 23, 2019 (gmt 0)

Senior Member

WebmasterWorld Senior Member Top Contributors Of The Month

joined:Apr 1, 2016
posts:2366
votes: 630


@lucy I did the same with the last one. All this is pretty obvious to us, but it is easy to see how a person that is not web-experts can be fooled.
12:38 am on Jan 24, 2019 (gmt 0)

Administrator

WebmasterWorld Administrator phranque is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Aug 10, 2004
posts:11571
votes: 182


8/8

btw the quiz results page links to the 2 step verification signup page for your google account.
2:24 am on Jan 24, 2019 (gmt 0)

Moderator

WebmasterWorld Administrator buckworks is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Dec 9, 2001
posts:5803
votes: 132


7/8

I missed the last one. Like Lucy I erred on the side of caution.
11:34 am on Jan 24, 2019 (gmt 0)

Administrator from GB 

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:May 9, 2000
posts:25850
votes: 847


Yup, I erred on the side of caution, too.

This really ought to be passed to your friends and family that might be at risk. If it made them more cautious, that's a good thing.

Oh, and passing it on the wrong way may look like a phishing attempt. lol
12:40 pm on Jan 24, 2019 (gmt 0)

Senior Member

WebmasterWorld Senior Member topr8 is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Apr 19, 2002
posts:3441
votes: 65


yes a great little quiz ... i didn't realise that the password link was a redirect ... as it was on the google dot com domain
(however i wouldn't have clicked through anyway)

i try and drill it into my family at all times to basically never open any attachments unless they know for sure someone is sending them something.
likewise to disregard any email purporting to come from a bank or taxman or anything to do with money - as that is not how they are contacted.
they all live in a paranoid state regarding emails!

i do think in the future that owners of zombie machines or servers will have to become culpible to an extent - if such emails are sent via their system, even if they do not know it.

likewise ISPs should be able to spot these - i know it is not straightforward, but there is a lot of money slopping around tech companies, some of it needs to be directed towards resolving or at least minimising these emails - and however else they manifest in the future.
12:55 pm on Jan 24, 2019 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Nov 15, 2001
posts:1732
votes: 36


6/8 I mistook two good messages for phishing. They were not relevant for me anyhow so I would have deleted them irl anyhow.

Has anyone noticed how many spammers are including special characters in the subject line of their messages, makes it so easy to see them and delete them. Surely they are not stupid people spammers? perhaps they are.
7:27 pm on Jan 24, 2019 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member lucy24 is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month

joined:Apr 9, 2011
posts:15452
votes: 739


Surely they are not stupid people spammers?
I think it's done to override standard barriers: anything containing the string "viagra" goes straight in the trash, but if if says "viâgra" you may sneak past.
1:56 am on Jan 25, 2019 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member tangor is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Nov 29, 2005
posts:9093
votes: 757


Phisihing continues to evolve. First defense is a good email scanner, second is commonsense: no bank, gov, or other will use email as a first contact. FB is riddled with fake "someone accessed your account, please verify it was you", etc. I tell my friends, family and clients to examine addresses and links and where they resolve if they have ANY doubt ... actually, I tell them to delete mail from strangers, period.

That said, even the most vigilant can be caught at a weak moment... which is why the spammers keep trying, after all, bots never get tired.
9:15 am on Jan 25, 2019 (gmt 0)

Senior Member from GB 

WebmasterWorld Senior Member piatkow is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Apr 5, 2006
posts:3451
votes: 61


6/8 by being over cautious.
For the Dropbox one I would have regarded the email as suspect but would have logged directly into the account to check.
9:32 am on Jan 25, 2019 (gmt 0)

Administrator from GB 

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:May 9, 2000
posts:25850
votes: 847


For the Dropbox one I would have regarded the email as suspect but would have logged directly into the account to check.

Yep, that's the one that I erred on the side of caution on, and, like you, would have logged on direct, as I tend to do.

BTW, tell your friends to watch out for the fake sites with similar names hoping to catch typos.
1:47 am on Jan 26, 2019 (gmt 0)

Moderator from GB 

WebmasterWorld Administrator mack is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:June 15, 2001
posts:7801
votes: 73


For a while, I have run a URL shortener site and over the past 6 months or so the scammers are getting a lot more creative with how they construct their fake url's. They are being very clever with the use of multiple level subdomains allows them to have the real URL appear within the address. Unless people know what they are looking for it really can catch them out. Especially when they are able to obtain SSL certificates in some cases.

Mack.
1:32 pm on Jan 27, 2019 (gmt 0)

Senior Member from GB 

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Nov 16, 2005
posts: 2856
votes: 155


i do think in the future that owners of zombie machines or servers will have to become culpible to an extent - if such emails are sent via their system, even if they do not know it.


I agree. It will give people an incentive to be careful. At the moment just do not care "because I do not have anything important". leaving aside that this is probably not true given most people buy things online, it also means they do not care about damage to others, but if there was a risk of having to pay damages if they did, even a small amount, it would make them pay attention.
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

Featured Threads

Free SEO Tools

Hire Expert Members