How to Spot Phishing: the Most Common Cyberattack

Jan 22, 2019

*** Click HERE for untold riches and success — FREE for the first 100, limited time only!!! ***

Did you fall for it? Don’t be too hard on yourself if you did: every day millions of people click on bogus links in phishing emails — messages designed to steal your password or make you download malware. That’s why we created a quiz that helps you learn to better spot phishing emails, complete with the latest tricks and techniques.

Phishing is, by far, the most common form of cyberattack. One percent of emails sent today are phishing attempts. And it often represents a more serious threat than the nuisance offers for free money we’ve all seen in our inboxes.

Phishing is about stealing your password. Attackers send you an appealing message — maybe free money, a faraway prince who needs your help, or a bogus security alert — that includes a link where you’re asked to enter your personal information or password, giving attackers access to your account. Gmail and other top email services catch the vast majority of these bogus messages, but you’ve probably seen an example.

In the case of more sophisticated attackers, phishing messages might look like a legitimate email written by someone you know. These so-called “spear-phishing” attacks are often one of the first steps of larger cyberattacks, where attackers use a carefully constructed email to fool someone into entering their login credentials into a fake page.

We created this quiz based on the security trainings we’ve held with nearly 10,000 journalists, activists, and political leaders around the world from Ukraine to Syria to Ecuador. We’ve studied the latest techniques attackers use, and designed the quiz to teach people how to spot them.

Some of the most famous examples of hacking and cyber-theft began with phishing. In 2016 hackers affiliated with the Russian intelligence services sent a carefully crafted spear-phishing email to John Podesta, Hillary Clinton’s campaign manager, and (because he didn’t have two-factor authentication enabled) they gained access to his email account.

The best protection against phishing is two-factor authentication. When you have two-factor authentication enabled, even if an attacker successfully steals your password they won’t be able to access your account. We also offer a Chrome extension called Password Alert that protects you from entering your Google password in a fake login page.

But the second-best protection against phishing is knowing how to spot it in the first place. It’s not always as easy as it looks — attackers have become more sophisticated at making their phishing attempts seem legit. Try taking our Phishing Quiz and see if you can spot all the fakes. We hope this quiz creates a fun way to learn about some of the most common phishing tricks.

— Justin Henck, Jigsaw Product Manager

