Technologist - The FindLaw Legal Technology Blog

Lawyers: Take the Google Phishing Quiz

Yes, we tech savvy lawyers might consider ourselves to be sharp enough to spot every single phishing attempt that hits our email inboxes. After all, if we can spot a bad client, or a good case, we can spot a suspicious email, right?

Well, you might want to guess again, or at least confirm what you may or may not already know. And you can do that easily thanks to a simple online quiz Google designed, that won't take more than a couple minutes. The quiz runs through several example emails and asks you to identify whether the email is a phishing attempt or legitimate. After each question, the quiz reviews your answer and shows you all the different tell-tale warning signs. And after you're done, you'll want everyone you work with (or care about) to take it too.

From Phishing to Social Engineering

Phishing scams have come a long, long way since the throngs of international princes got dial-up access. Now-a-days, phishing attempts have taken the form of social engineering, which is basically just a fancy way to say email forgery. Scammers copy legitimate looking emails from services you likely already use, then try to trick you into divulging your usernames and passwords.

Basically, the phishing attackers have learned from their past experiences and upgraded their arsenal of tackle and bait. Oftentimes now, these emails are no longer littered with poor grammar and incorrect spelling, but rather use legitimate emails from big name services and simply swap out links.

Tips to Protect Your Email

If there's any doubt whatsoever about the legitimacy of an email, avoid opening it, and especially any attachments, on a mobile device. On an actual computer, it will be much easier to see more information about the sender, as well as the information contained in the email and attachments. As a rule of thumb, the below three steps can help you steer clear of phishing attempts.

  • Confirm Sender Addresses -- When names are off by a few letters, or the domain (part after the @) is misspelled, you should be asking questions.
  • Confirm Link Destination URLs -- When you're asked to click a link, and that link doesn't look right (Ie. it has a URL that shows the named company in a way that is unusual), you should take caution.
  • If Something Seems Fishy, Google it -- Simply put, you likely aren't the first person who has received a similar social engineering attempt. Like the phishing attempts of the old dial-up days, social engineering attempts also tend to cast a wide net.

Related Resources: