Today is Safer Internet Day – can you spot the scam site?

When you last logged into your email, banking or social networking site, how did you know it was the real deal and not a fake site set up to steal your password?

Is this site real or fake? Can you spot the tell-tale signs of a “phishing” attempt?

Many of us know friends and family who have had their online accounts hijacked. But what many people don’t know is how it happens and what you can do to stop criminals in their tracks.

Most hijackers get into accounts through “phishing” - sending emails or text messages which appear to come from a genuine source such as your bank, but are really created to steal your usernames, passwords or credit card details.

Don’t think you would so easily take the bait? Phishing is actually more effective than you might think. According to research from our security engineers, some targeted phishing scams fool up to 45% of their victims, and once hijackers have your information, they can break into your account in as little as 30 minutes.

So, to mark Safer Internet Day today here in New Zealand, we’ve put together this Phishing challenge!

Can you spot the tell-tale signs of a phishing scam? Grab your kids or a friend and take a minute to scroll through the images of common online situations below.

If you’re stuck, here are some quick tips (no cheating now, only read once you’ve completed the challenge!) on what you should have been on the lookout for, and should keep in mind for the future:
  • Check the URL in the address bar. It might look right in the email, but it could take you scam site designed to steal your personal details. Also check for ‘HTTPS’ in the address bar which means the site is secure.
  • Always check the sender’s email address. Does it look right to you? Phishing emails will often contain spelling mistakes and other irregularities.
  • Recognise scare tactics. Genuine sites never use scare tactics to get you to enter your username, password or credit card numbers. This is a red flag that the site may not be genuine.
  • Always check the spelling. Even though phishing can be sophisticated, hijackers are not always great spellers. Typos on a website or email could indicate that they are not the real deal.
If you’ve got a few more minutes, take your Google Account through our refreshed Security Check-Up tool—it’ll only take a minute, and could help you not become one of those friends everyone knows who’s had their account hijacked by phishing.

Posted by Taj Meadows, Policy Communications Manager, Google APAC