Internet Security Blog - Hackology

Top Phishing Attempts and Phishing Quiz

I have written an extensive piece on Social Engineering, which also covers various phishing attacks, and a separate article on the Best Phishing Attack Vector of 2018. This post shows which email subjects made up most of the phishing categories for 2018; in other words, the subject lines that get unsuspecting users to interact with phishing emails the most. At the end I have added a Phishing Quiz made by Google, which tests how good you are at identifying phishing attempts.

Attackers are improvising with emerging trends. You might have read about how scammers use your publicly available hacked information to send out extortion emails and demand cryptocurrency.

Hackers are playing into user desires to remain security minded. There’s also an intrigue of mystery that often makes people curious enough to click.

Phishing poses a serious threat on today’s Internet. While additional security features such as two-factor authentication may block some attacks, they can never block “Human Error”, or the “Element of Stupidity” as I call it, because it all comes down to users in the end, and that is what phishing attacks feed on. At times the attacks are so sophisticated that even the smartest, most tech-savvy users might fall prey to them; for instance, the Punycode domain vulnerability we saw.

Top Social Media Phishing Email Subjects

The curiosity and feeling of importance that a tagged photo, profile view or endorsement brings can sail past an individual’s normal defenses. And everyone loves free pizza!

Social media accounts are a favourite of phishers, and this year is no different. LinkedIn is at the top of the chart with 39% of captured phishing email subjects, while Facebook is second with 18%. Phishing attempts are made on the platforms where the chances of success are highest, which shows that LinkedIn and Facebook are the phishers’ favourites, while Gmail came last with 3% of captured emails.

Figure: Social Media Phishing Email Subjects. Pie chart of the email subjects captured in phishing attempts, with LinkedIn and Facebook at the top.

Top 10 General Phishing Emails Subjects

Social media is not the only theme used in phishing emails; many general topics are used as well. “Password Check Required Immediately” is at the top with 19% of email subjects, because this subject captures the user’s interest and gives the attacker a better chance of success.

Figure: General Phishing Email Subjects. Top 10 general email subjects used for phishing.

Common Attacks – In the Wild

The desire to receive communications intended for the individual is strong. The potential of something being wrong and/or at risk also plays into the human psyche, leaving the individual to think that he/she must act immediately to resolve the issue. These types of attacks are effective because they cause a person to react before thinking logically about the legitimacy of the email. Other alerts that contain warning types of messages can bring about feelings of alarm and cause an individual to make a panicked decision.

Figure: Common Phishing Attack Emails. Common emails that rely on ‘impulse’ to succeed at phishing.

Data has been compiled by KnowBe4, a security awareness training and simulated phishing platform.

The Phishing Quiz

The question is: can you spot when you’re being phished? You might say ‘obviously’, but it is not always that simple. Take the Phishing Quiz and see how good you are at identifying the malicious attempts.

Take the Phishing Quiz

Once you open the Phishing Quiz page, hit the “Take the Quiz” button, then fill in any imaginary name and email in the form and the quiz will start.

The Phishing Quiz is built on very clever questions, and you will need to look closely at each one to tell whether it is a phishing or a legitimate email.

I am sharing an example email from the quiz below so you know what to expect:

Figure: Phishing Quiz Question 1. Question 1 of the Phishing Quiz: Phishing Good Doc Email.

In the question shown in the image above, everything seems perfect until you hover over the link, which shows “drive--google.com”. That is not a real Google link; the official link is drive.google.com or google.com/drive. That is how phishing attempts are made.
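The hover check described above can be automated. This is an added example, not code from the original post or from the quiz: it extracts each link's real host from an HTML email body and flags look-alike hosts such as drive--google.com, as well as Punycode (xn--) labels. The trusted-domain list, the function names and the sample email are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"google.com"}  # assumption: domains this reader expects links to

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML email body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    return (urlsplit(url).hostname or "").rstrip(".").lower()

def classify(href):
    host = host_of(href)
    # Trusted only on an exact match or a real subdomain (dot boundary).
    if any(host == d or host.endswith("." + d) for d in TRUSTED):
        return "trusted"
    if any(label.startswith("xn--") for label in host.split(".")):
        return "punycode"  # encoded international label: decode and review
    # Drop separators so "drive--google.com" reveals the trusted name inside.
    squashed = host.replace("-", "").replace(".", "")
    if any(d.replace(".", "") in squashed for d in TRUSTED):
        return "lookalike"
    return "unknown"

def review(html):
    parser = LinkCollector()
    parser.feed(html)
    parser.close()
    return [(text, host_of(href), classify(href)) for href, text in parser.links]

# Constructed sample email body (not taken from the quiz).
SAMPLE = ('<p>A document was shared with you: '
          '<a href="https://drive--google.com/doc">Open in Docs</a></p>'
          '<a href="https://drive.google.com/doc">Shared file</a>'
          '<a href="https://xn--constructed-label.example/">Sign in</a>')
```

Calling `review(SAMPLE)` returns one tuple per link: the visible text, the real host, and the verdict. This shows that friendly link text says nothing about where the link goes.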

I scored 7 out of 8, having labelled a legitimate question as phishing. No harm in being overprotective.

Figure: Phishing Quiz Result. Scored 7 correct answers and got 1 wrong.

How well did you score in the Phishing Quiz? And what’s the funniest or weirdest phishing email you have received?
