Spyware Sucks
“There is no magic fairy dust protecting Macs" – Dai Zovi, author of “The Mac Hacker’s Handbook"

Have you taken the Phishing IQ test?

March 31st 2006 in Uncategorized

http://www.mailfrontier.com/forms/msft_iq_test.html


I achieved 8 out of 10… spotted all the phishing emails just fine, but also attributed falsity to two legitimate ones… go figure…  better safe than sorry, I suppose.  I’d have been real grumpy with myself if I’d marked a phish as legitimate…


3 comments to...
“Have you taken the Phishing IQ test?”

Garth

I only got a 7 of 10 but I’m from Canada, so any time I get a bank email is it always a Phishing message. 🙂 Of the ones that are valid in Canada I got 4 out of 5, however I would never use Capital one so… 😉
MSN
PayPal
eBay
Amazon
Capital One — I would never use them so it must be a Phishing message.



Byron Todd

IIRC, I got only 6 out of 10 but I correctly id’d all of the “real” phishing attempts.

The problem I have with the test is more basic, because they are forcing you to make some assumptions – which are not given – to correctly id the non-phishing attempts. *Spoiler follows* – the example email of “your account ending in 8932 (or whatever the number was)”. I received multiple phishing attempts using this exact method – however, knowing that I do not have an account ending in 8932 made it stand out as a phishing attempt. For the general public to be able to take that test and correctly (according to their key for the test) id that as a non phishing attempt, the test needs to state “You have account ending in 8932….”

Byron



Jamie Murdock

I too was not duped, but only scored 7 out of 10. As I read the “why” explanations, I was told each time to “play it safe” and consider the email suspicious.

This one http://www.mailfrontier.com/quiztest2/answers/why_q9.html really confused me, it called it legit then seemed to explain why it wasn’t!

I think that not being duped by any of them should be a complete win, and there should be no such thing as overcautious.


Websense reports that bad end of town have started using the createTextRange vulnerability in an attempt to infect victims with a keylogging trojan that monitors activity on various (undisclosed) financial websites and sends the recorded information to the attacker:http://www.websensesecuritylabs.com/alerts/alert.php?AlertID=452
Repeat after me – “I will not click on links in unsolicited emails… I will not click […]

Previous Entry

Ok, so I was confused.  On the one hand we had Mike Nash saying it would be “deployed like a hotfix” (which to me means phone MS and ask for it).  On the other hand, I had an email from MS saying that the optional compatibility patch would be available via the Download Centre, which certainly […]

Next Entry

Archives