How to spot a phishing e-mail

         

engine

4:26 pm on Jan 23, 2019 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



Google's Jigsaw has a little questionnaire devised to help people identify phishing attacks.

It's always worth a look, but it's especially important that friends and family that are not so savvy get the chance to test themselves.

[phishingquiz.withgoogle.com...]

NickMNS

5:01 pm on Jan 23, 2019 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



6/8 I missed the last two. This just goes to show how vigilant one must be.

lucy24

6:05 pm on Jan 23, 2019 (gmt 0)


I missed the last one--but that was an err-on-the-side-of-caution mistake, which is definitely better than the alternative. (In real life it would probably be followed by an email saying “We were unable to complete suchandsuch action--which you asked us to do--because reasons.”)

Then again, I may have missed the point of the quiz, since I solved all of them simply by looking at the target URL.

NickMNS

6:28 pm on Jan 23, 2019 (gmt 0)


@lucy I did the same with the last one. All this is pretty obvious to us, but it is easy to see how a person who is not a web expert can be fooled.

phranque

12:38 am on Jan 24, 2019 (gmt 0)


8/8

btw the quiz results page links to the 2 step verification signup page for your google account.

buckworks

2:24 am on Jan 24, 2019 (gmt 0)


7/8

I missed the last one. Like Lucy I erred on the side of caution.

engine

11:34 am on Jan 24, 2019 (gmt 0)


Yup, I erred on the side of caution, too.

This really ought to be passed to your friends and family that might be at risk. If it made them more cautious, that's a good thing.

Oh, and passing it on the wrong way may look like a phishing attempt. lol

topr8

12:40 pm on Jan 24, 2019 (gmt 0)


yes a great little quiz ... i didn't realise that the password link was a redirect ... as it was on the google dot com domain
(however i wouldn't have clicked through anyway)

i try and drill it into my family at all times to basically never open any attachments unless they know for sure someone is sending them something.
likewise to disregard any email purporting to come from a bank or taxman or anything to do with money - as that is not how they are contacted.
they all live in a paranoid state regarding emails!

i do think in the future that owners of zombie machines or servers will have to become culpable to an extent - if such emails are sent via their system, even if they do not know it.

likewise ISPs should be able to spot these - i know it is not straightforward, but there is a lot of money slopping around tech companies, some of it needs to be directed towards resolving or at least minimising these emails - and however else they manifest in the future.

Mark_A

12:55 pm on Jan 24, 2019 (gmt 0)


6/8 I mistook two good messages for phishing. They were not relevant for me anyhow so I would have deleted them irl anyhow.

Has anyone noticed how many spammers are including special characters in the subject line of their messages? It makes it so easy to see them and delete them. Surely they are not stupid people spammers? Perhaps they are.

lucy24

7:27 pm on Jan 24, 2019 (gmt 0)


Surely they are not stupid people spammers?
I think it's done to override standard barriers: anything containing the string "viagra" goes straight in the trash, but if it says "viâgra" you may sneak past.
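
A filter-side illustration of the point in the post above, added here as an example and not part of any poster's message: folding accents before matching closes the gap between "viagra" and "viâgra". The blocklist, function names and sample subjects are constructed for the example.

```python
import unicodedata
from email.header import decode_header, make_header

# Constructed blocklist using the thread's own example term.
BLOCKED_TERMS = {"viagra"}

def decode_subject(raw):
    """Decode RFC 2047 encoded-words, the form non-ASCII subjects arrive in."""
    return str(make_header(decode_header(raw)))

def fold(text):
    """Decompose characters, drop combining marks, then casefold."""
    decomposed = unicodedata.normalize("NFKD", text)
    stripped = "".join(c for c in decomposed if not unicodedata.combining(c))
    return stripped.casefold()

def check_subject(raw):
    subject = decode_subject(raw)
    naive = any(term in subject.lower() for term in BLOCKED_TERMS)
    folded = any(term in fold(subject) for term in BLOCKED_TERMS)
    return {
        "subject": subject,
        "naive_match": naive,      # plain substring filter
        "folded_match": folded,    # match after accent folding
        # A hit that only appears after folding suggests deliberate evasion.
        "evasion_suspected": folded and not naive,
        "non_ascii_chars": sum(1 for c in subject if ord(c) > 127),
    }

if __name__ == "__main__":
    # Constructed sample subjects.
    samples = [
        "=?UTF-8?Q?Cheap_vi=C3=A2gra_today?=",
        "Cheap Viagra today",
        "Meeting notes for Friday",
    ]
    for raw in samples:
        print(check_subject(raw))
```

Folding only handles characters that decompose to a base letter plus marks; look-alike letters from other scripts need a separate confusables mapping.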

tangor

1:56 am on Jan 25, 2019 (gmt 0)


Phishing continues to evolve. First defense is a good email scanner, second is common sense: no bank, gov, or other will use email as a first contact. FB is riddled with fake "someone accessed your account, please verify it was you", etc. I tell my friends, family and clients to examine addresses and links and where they resolve if they have ANY doubt ... actually, I tell them to delete mail from strangers, period.

That said, even the most vigilant can be caught at a weak moment... which is why the spammers keep trying, after all, bots never get tired.

piatkow

9:15 am on Jan 25, 2019 (gmt 0)


6/8 by being over cautious.
For the Dropbox one I would have regarded the email as suspect but would have logged directly into the account to check.

engine

9:32 am on Jan 25, 2019 (gmt 0)


For the Dropbox one I would have regarded the email as suspect but would have logged directly into the account to check.

Yep, that's the one that I erred on the side of caution on, and, like you, would have logged on direct, as I tend to do.

BTW, tell your friends to watch out for the fake sites with similar names hoping to catch typos.

mack

1:47 am on Jan 26, 2019 (gmt 0)


For a while, I have run a URL shortener site and over the past 6 months or so the scammers are getting a lot more creative with how they construct their fake URLs. They are being very clever with the use of multiple-level subdomains, which allows them to have the real URL appear within the address. Unless people know what they are looking for it really can catch them out. Especially when they are able to obtain SSL certificates in some cases.

Mack.
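
A checker for the pattern described in the post above, added here as an example and not code from any poster: it finds the registrable domain of a link and flags a known brand that shows up only in the subdomain labels. The brand map, the tiny suffix set and the sample URLs are constructed assumptions, and the check for text before an `@` goes slightly beyond what the post describes.

```python
from urllib.parse import urlsplit

# Constructed, deliberately tiny suffix set; production code should use the
# full Public Suffix List instead.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}

# Hypothetical map of brand keyword -> its legitimate registrable domain.
BRANDS = {"google": "google.com", "dropbox": "dropbox.com", "paypal": "paypal.com"}

def registrable_domain(host):
    """Return the part of the host that was actually registered."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])

def assess(url):
    """Return (registrable_domain, findings) for one link."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    reg = registrable_domain(host)
    findings = []
    if parts.username is not None:
        # Everything before '@' is credentials, not the destination host.
        findings.append("userinfo-before-host")
    # Labels to the left of the registrable domain are chosen freely by
    # whoever controls that domain, so a brand there proves nothing.
    prefix = host[: -len(reg)].rstrip(".") if host.endswith(reg) else ""
    for brand, legit in BRANDS.items():
        if reg == legit:
            continue
        if brand in prefix:
            findings.append(f"brand-in-subdomain:{brand}")
        elif brand in reg:
            findings.append(f"brand-in-lookalike-domain:{brand}")
    return reg, findings

if __name__ == "__main__":
    # Constructed sample links on reserved example domains.
    for link in [
        "https://accounts.google.com/signin",
        "https://accounts.google.com.signin.example.net/login",
        "https://www.dropbox.com@files.example.org/x",
        "https://dropbox-files.example/",
    ]:
        print(link, "->", assess(link))
```

The `https` scheme plays no part in the verdict, which matches the post's remark that a certificate on the fake host does not make the link trustworthy.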

graeme_p

1:32 pm on Jan 27, 2019 (gmt 0)


i do think in the future that owners of zombie machines or servers will have to become culpable to an extent - if such emails are sent via their system, even if they do not know it.


I agree. It will give people an incentive to be careful. At the moment people just do not care "because I do not have anything important". Leaving aside that this is probably not true given most people buy things online, it also means they do not care about damage to others, but if there was a risk of having to pay damages if they did, even a small amount, it would make them pay attention.