You (and half the people in this thread) are totally missing the point here.
No where does the article say that you’re supposed to be able to tell if it’s a scam or not just by looking at it. In fact, in multiple places it says that you’ve got to Google use a credible source to externally verify some information to determine that some of the examples are scams.
The point of the article is to teach people how to recognize scams, it would be totally useless if it imposed the constraint that you can’t look for context. If you’re actually trying to recognize scams IRL, you should be doing exactly what the article says and looking for authoritative corroboration of any information in the potential scam.
In the phishing Awareness course I wrote and sell, I do advocate to confirm that domains, phone numbers and other contact details, logos, are correct with the official website.
I don’t advocate that when they receive a bill for something they know they didn’t buy, they should go to Google.
And with googles current state, I could easily buy a domain and buy ads to put it at the top of search results. Googling the answer isn’t actually the answer. Verifying against known legit sources is.
It’s a shit test, which more than half of the people in this thread got right, yourself excepted.
I’m the CEO of an anti-phishing training corporation that services multiple Fortune 500 companies and has a yearly revenue of over 10m USD (I can also share unverified credentials to make myself seem more credible).
Someone could potentially build a website that makes their phishing attempt seem more credible, and maybe they could get that website ranked highly on Google (even though that is far from straightforward for a website presenting fraudulent information to do), but that’s a total red herring. The article didn’t recommend that people Google for a single random website that confirms the questionable information, the recommendation was that you should check multiple authoritative sources.
You are absolutely wrong. Not surprising that you’re (ostensibly) able to scam the technologically illiterate with such bad information, a little ironic that your scam involves getting them to think that you’re teaching them how to avoid scams.
You’re just pointing out that you are overqualified for this test.
At its root, it is a TEST. Not many TESTs allow you to Google for answers and supporting information. Unless specified any TEST provides in the question the information to determine the answer. By not providing all the information and not informing you to utilise any source available to obtain extra ESSENTIAL infirmation, it’s a bad test. Intended to trick you.
You and I both know if we create a test phishing email with no mistakes, it’s not a failure if people click on it. It’s a failure on our part for creating a BAD TEST. Same concept.
No, at its root, this is an educational article meant to teach about recognizing internet scams. It includes a quiz designed to help you determine your natural reaction to many popular scams, along with information about best practices for how to identify them.
This differs from a test, which is designed to quantify your current knowledge on a topic. Sure, the article used a quiz as a teaching aid, but the results of the quiz aren’t the point and don’t matter. Which makes it super weird how you and others are getting so butthurt about thinking you deserved a perfect score, but we’re robbed by an unfair test.
Unless specified any TEST provides in the question the information to determine the answer
This is a foolish assumption outside of the context of academic examinations. There’s no reason to assume that’s a requirement on an online quiz, where many of the explanations of the answers specifically tell you that the best way to identify some scams is to verify information with authoritative sources.
You and I both know if we create a test phishing email with no mistakes, it’s not a failure if people click on it. It’s a failure on our part for creating a BAD TEST.
The best test phishing emails realistically emulate actual phishing emails. Intentionally adding errors only serves to train employees to catch bad phishing attacks. Regardless, I’m not sure what your point is, since every one of the scam examples here does contain either verifiably false information, or obvious scam indicators.
You (and half the people in this thread) are totally missing the point here.
No where does the article say that you’re supposed to be able to tell if it’s a scam or not just by looking at it. In fact, in multiple places it says that you’ve got to
Googleuse a credible source to externally verify some information to determine that some of the examples are scams.The point of the article is to teach people how to recognize scams, it would be totally useless if it imposed the constraint that you can’t look for context. If you’re actually trying to recognize scams IRL, you should be doing exactly what the article says and looking for authoritative corroboration of any information in the potential scam.
In the phishing Awareness course I wrote and sell, I do advocate to confirm that domains, phone numbers and other contact details, logos, are correct with the official website.
I don’t advocate that when they receive a bill for something they know they didn’t buy, they should go to Google.
And with googles current state, I could easily buy a domain and buy ads to put it at the top of search results. Googling the answer isn’t actually the answer. Verifying against known legit sources is.
It’s a shit test, which more than half of the people in this thread got right, yourself excepted.
I’m the CEO of an anti-phishing training corporation that services multiple Fortune 500 companies and has a yearly revenue of over 10m USD (I can also share unverified credentials to make myself seem more credible).
Someone could potentially build a website that makes their phishing attempt seem more credible, and maybe they could get that website ranked highly on Google (even though that is far from straightforward for a website presenting fraudulent information to do), but that’s a total red herring. The article didn’t recommend that people Google for a single random website that confirms the questionable information, the recommendation was that you should check multiple authoritative sources.
You are absolutely wrong. Not surprising that you’re (ostensibly) able to scam the technologically illiterate with such bad information, a little ironic that your scam involves getting them to think that you’re teaching them how to avoid scams.
You’re just pointing out that you are overqualified for this test.
At its root, it is a TEST. Not many TESTs allow you to Google for answers and supporting information. Unless specified any TEST provides in the question the information to determine the answer. By not providing all the information and not informing you to utilise any source available to obtain extra ESSENTIAL infirmation, it’s a bad test. Intended to trick you.
You and I both know if we create a test phishing email with no mistakes, it’s not a failure if people click on it. It’s a failure on our part for creating a BAD TEST. Same concept.
No, at its root, this is an educational article meant to teach about recognizing internet scams. It includes a quiz designed to help you determine your natural reaction to many popular scams, along with information about best practices for how to identify them.
This differs from a test, which is designed to quantify your current knowledge on a topic. Sure, the article used a quiz as a teaching aid, but the results of the quiz aren’t the point and don’t matter. Which makes it super weird how you and others are getting so butthurt about thinking you deserved a perfect score, but we’re robbed by an unfair test.
This is a foolish assumption outside of the context of academic examinations. There’s no reason to assume that’s a requirement on an online quiz, where many of the explanations of the answers specifically tell you that the best way to identify some scams is to verify information with authoritative sources.
The best test phishing emails realistically emulate actual phishing emails. Intentionally adding errors only serves to train employees to catch bad phishing attacks. Regardless, I’m not sure what your point is, since every one of the scam examples here does contain either verifiably false information, or obvious scam indicators.