“You learn by falling over.” “The lessons learned from discouraging experience prove to be great worth.”

I can’t agree more with these ideas, but when it comes to phishing emails that can cost you regret and financial loss, I’d rather you learn through professionals’ training and tips than by falling for traps. You can dodge them.

Practice makes perfect. Recently I read about a phishing quiz from OpenDNS, in which you will look at 14 screenshots and decide whether each of them is a phishing email/website or not.

Honestly, I don’t take pride in the result of my first try. I spent a long time reading through each email, which one would rarely do for service emails in the inbox.

After rounds of trial and error, I found that the key to this quiz is telling legitimate websites from fake ones, such as:

http://twitter.com.all09.info/fun_en/ that claims to be Twitter, and http://cedji.com.mx/data/paypal/paypal/www.paypal.com/www.paypog that claims to be PayPal.

It could not be more obvious once you get the gist.

Nevertheless, what about www.[micrrosoft].com or www.[microsoftt].com? They have disguised themselves much better than their fellow fakers above.

What’s worse, scammers’ technology advances along with your security awareness. ZeroFont is one example: using this technique, www.itwagesagainsttwitter.com can appear to be www.twitter.com, with the unwanted characters not shown.

Looking at the link alone is no longer as useful in real life.

Then what IS useful in your life against phishing emails?

If you have read our blog about the names of Apple and Microsoft being used for spear-phishing, you’ll know there are only two important steps to take:

  1. Stay alert to phishing emails. Any email could be one.
  2. Know how to find an authoritative source.

In the quiz we designed, you’ll go through a real-life journey about Apple-related phishing scams – a simulated situation that you might have encountered.

Wouldn’t wanna be too much of a spoiler. After the “training” above, you are already more likely to win the Cyber Hero Badge than other people.

Click on and try it out.


P.S. Having completed the two steps, you can hand the rest over to Mr. Post, an add-in against phishing emails launched by cyber security professionals who have thought ahead for you.

Without worrying or checking around, you can see whether you’ve received a phishing email with one click. As a lightweight add-in, it will never slow your mailbox down.

Try Mr. Post, available for Outlook, web browsers and your mobile phone, now on Microsoft AppSource.



[1] Images: steps by DailyPM and fall by athanagore x from the Noun Project