‘Tis the season that all CSOs dread. The holidays.
That’s right. The most wonderful time of year is the absolute worst for CSOs. Hackers abound, waiting to weasel their way into your databases for any private information ripe for sale.
Unfortunately, while you’re doing your best to keep the external threats at bay, there’s another threat close by. In fact, they’re sitting right next to you.
You know Steve, that guy who always needs help with the printer? Or Lisa, whose Wi-Fi disconnects every day around 4 p.m.? It may not be their job to be on top of all things related to computer security, but hackers are getting more clever and discovering the many portals available to access your systems. And these hapless coworkers are one of them.
Forget malicious hyperlinks. Most of us have moved beyond the baited ***CLICK HERE!*** Instead, think of how many emails are opened in your office every five minutes. Think of how many are opened in one day. One month. One year.
But you’re not in the clear, either. Just this past summer, Intel conducted a survey and found that 80% of people couldn’t differentiate a phishing email from a real one. To make matters worse, only 3% of all participants managed to identify each example correctly. Globally, this means that 97% of people cannot correctly identify a phishing email.
So what to do with such depressing numbers? You could hold an end-of-year crash course presentation on phishing.
I can see it now: you scanning the crowd, seeing nothing but bowed heads and eyes alight with the glow of Angry Birds. So much for a presentation. But actually, those employees playing Angry Birds…they’re on to something.
Gamification, the application of game-design elements and principles in non-game contexts, is a great tool to not only engage employees, but to teach them about a topic at hand. And since the fourth quarter of any business is busy, especially considering the advent of the holidays, capturing coworker attention is tough. So why not make it both informative and fun?
Below, I’ve compiled a list of the most educational (and a bit amusing) online phishing quizzes right at your fingertips to help you coach and engage your coworkers.
AARP’s quiz is more consumer-based, but still a great jumping-off point for those delving into the world of online defense.
These questions challenge you to know scamming basics, including how to combat false mailing offers as well as topical news within cybersecurity, like which organizations are most frequently victimized by hackers.
AARP also offers hints for each question, directing participants to a relevant news article that can help them make informed choices and provide them with real-world examples of how detrimental phishing can be.
Content Verification’s quiz doesn’t have the flash that some of the other quizzes have, but what it lacks in theatrics it makes up for in education. In nine questions, Content Verification walks you through various email scenarios, including prospective messages from eBay, PayPal, and financial institutions that ask you to click on a “phishy” (sorry) link to another page.
The quiz doesn’t highlight your incorrect answers, though it does provide a brief explanation of why each answer is correct or incorrect on a separate web page.
A great option to tutor employees on recognizing hazardous hyperlinks.
Straightforward and no fuss, McAfee challenges you through a gauntlet of ten example emails that you have to correctly identify. Ranging from LinkedIn invitations to airline check-ins on both desktop computers and mobile devices, this quiz is not only thorough, but truly challenging to anyone, regardless of tech savvy.
After receiving your score, you also have the option of reviewing your answers, where McAfee reveals the truth behind each example, providing practical phishing defense tips your coworkers can use in the future.
This quiz is a great starting point for beginners unfamiliar with phishing scams and intimidated by IT.
Rather than showing you a collection of questionable emails, OnGuard provides hypothetical scenarios with three possible answers for you to choose from. And instead of waiting for your score at the end, OnGuard explains the correct answer (regardless of whether you’re right or wrong) after each question so you can make more educated decisions during the quiz.
While only five questions long, Avoid the Bait makes up for brevity with a bit of fun. Be careful not to fall for the phishing bait, or you might literally find yourself hooked!
Similar to McAfee’s phishing quiz, OpenDNS (from Cisco) provides realistic example emails and webpages whose authenticity you have to evaluate. Questions in this quiz extend from the legitimacy of login pages to whether or not you should be submitting your driver’s license or social security number into an online profile.
While this quiz does explain what made some pages legitimate or not after your score, it doesn’t go into detail for all examples.
This is a great option for CSOs who want to emphasize the importance of caution when it comes to providing personal information on the internet.
Are there other phishing quizzes you’ve found? Did you pass all five examples with flying colors? Let me know your thoughts and scores below.
Header by Rachel Wille