Published in


How to Spot Phishing: the Most Common Cyberattack

*** Click HERE for untold riches and success — FREE for the first 100, limited time only!!! ***

Did you fall for it? Don’t be too hard on yourself if you did: every day millions of people click on bogus links in phishing emails — messages designed to steal your password or make you download malware. That’s why we created a quiz that helps you learn to better spot phishing emails, complete with the latest tricks and techniques.

Phishing is, by far, the most common form of cyberattack. One percent of emails sent today are phishing attempts. And it often represents a more serious threat than the nuisance offers for free money we’ve all seen in our inboxes.

Phishing is about stealing your password. Attackers send you an appealing message — maybe free money, a faraway prince who needs your help, or a bogus security alert — that includes a link where you’re asked to enter your personal information or password, giving attackers access to your account. Gmail and other top email services catch the vast majority of these bogus messages, but you’ve probably seen an example.

In the case of more sophisticated attackers, phishing messages might look like a legitimate email written by someone you know. These so-called “spear-phishing” attacks are often one of the first steps of larger cyberattacks, where attackers use a carefully constructed email to fool someone into entering their login credentials into a fake page.

We created this quiz based on the security trainings we’ve held with nearly 10,000 journalists, activists, and political leaders around the world from Ukraine to Syria to Ecuador. We’ve studied the latest techniques attackers use, and designed the quiz to teach people how to spot them.

Some of the most famous examples of hacking and cyber-theft began with phishing. In 2016 hackers affiliated with the Russian intelligence services sent a carefully crafted spear-phishing email to John Podesta, Hillary Clinton’s campaign manager, and (because he didn’t have two-factor authentication enabled) they gained access to his email account.

The best protection against phishing is two-factor authentication. When you have two-factor authentication enabled, even if an attacker successfully steals your password they won’t be able to access your account. We also offer a Chrome extension called Password Alert that protects you from entering your Google password in a fake login page.

But the second-best protection against phishing is knowing how to spot it in the first place. It’s not always as easy as it looks — attackers have become more sophisticated at making their phishing attempts seem legit. Try taking our Phishing Quiz and see if you get spot all the fakes. We hope this quiz creates a fun way to learn about some of the most common phishing tricks.

— Justin Henck, Jigsaw Product Manager




Jigsaw is a unit within Google that forecasts and confronts emerging threats to open societies, creating future-defining research and technology to inspire scalable solutions.

Recommended from Medium

{UPDATE} Bad Piggies HD Hack Free Resources Generator

Common Password Threats

The Future of Data Protection

Web Cache Poisoning

{UPDATE} Atlantis 2: Beyond Atlantis - (Universal) Hack Free Resources Generator

CCPA Whiplash: Second Modification of the Regulations Pulls Back Business-Friendly Revisions

Graphic background with the article title

Hack The Box — Jail Write-up

A small change, and things go in your hand : Story of a $250 bounty

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store


Jigsaw is a unit within Google that explores threats to open societies, and builds technology that inspires scalable solutions.

More from Medium

CouchDB, Erlang and cookies — RCE on default settings

Activate Two-Factor authentication for Nextcloud

Digital Footprints — Leaving Trails Behind For Cyber Forensics

CVE-2020–17365 — Hotspot Shield VPN New Privilege Escalation Vulnerability