Just how savy are you to internet phishing scams, you know the emails that say "click here coz ur account is about to be sold to elvis!"

Well, try this test (http://survey.mailfrontier.com/survey/quiztest.html) it only takes 2 minutes to answer 10 different questions.

I managed 80% correct O_o

didnt bother, just clicked.. got 70% =P


cool test though, gonna check it out tomorow

got 60%

the same ones..........

damn i woulda givin away my acct info

90%.

Amusingly I read the first 3, got those right but got bored of reading tedious emails. So I guessed the next 7 basing my judgement on the company involved, I was right 6 times out of 7. :D

im tired, i fucking pwn though :p

You got 8 out of 10 correct, or 80 %

:p

90%.

Amusingly I read the first 3, got those right but got bored of reading tedious emails. So I guessed the next 7 basing my judgement on the company involved, I was right 6 times out of 7. :D

I did something like that on my French GCSE - didnt quite work as well for that :(

/edit @ above - good show crazy, SHOW PEOPLE THE ANSWERS WHY DONT YOU!!!!1111 8|

I did something like that on my French GCSE - didnt quite work as well for that :(

/edit @ above - good show crazy, SHOW PEOPLE THE ANSWERS WHY DONT YOU!!!!1111 8|

Bugger you I've closed the window :p

Still it's easy to get most of them right, banks etc never EVER ask you for your details etc.

yeah but since it was like please visit and update ...i thought that was chill and all the addies they were linking too looked legit

true, should be easy but i managed to get two wrong, and i was reading somewhere an article on some people who could send you an email, with something like

http://real.bank.url/andstuff.asp<script-here>

the script would then actually show you the real site, as in you would have say www.mastercard.com in your browsers url, but it would be a fake site, they actually showed it working with Mastercards site, I was like "omg, glad I dont got a mastercard O_o"

I'm just horribly cynical and see the worst in most things / people. :) To date, I've not been proved wrong. Sad really! :D

Worked for that test too, woo. hoo.

:)

i got 9 outta 10. 90%.
the earthlink one threw me off.
not that i actually read any of my email anyway.

lol

90% correct :p

Would have been easier with the mails actually in my real mailbox, as I don't use any of those services and would have sent them straight to trash folder anyway :lol:

70%. Said fraud for the all the things I hadn't heard of.

Ooops

40%
w00t

8 out of 10, and the 2 I missed I said were illigitimate when they actually were...

Hint: IF you rollover the link and it goes someplace other than you expect it to (Especially to something that looks close to but slightly different than the one you're used to IE E-bay.com instead of ebay, or yahoo.org instead of .com or .net) it's suspicious, also, never use the included quicklink, go to the site by hand and use the account management tools, but only after checking your host resolution table to make sure they haven't rerouted you... if you're going to do online buisiness, you have to be that little extra bit paranoid...

i got 9 outta 10. 90%.
the earthlink one threw me off.
not that i actually read any of my email anyway.Same here. The Earthlink one threw me off... It was a link to the real site, that's why.

--Stryfe

90%, failed on the first paypal one.

rawr first online test ever that i got 100% lol

80%. got the first 2 wrong.

woot - 100% right on the first go :D I've been learning too much about computer security :wtf:

If anyone wants the help, I'll do a spoiler-type post later explaining each mail's answer. But I'd encourage everyone to try the test first - Would be a great thing to be learn how to identify a fraud email ;)

As promised - A guide to that test :)

WARNING - SPOILERS! DO NOT READ UNTIL YOU HAVE DONE THE TEST


When you're checking these out, always look at the following:
The email header - Although any email address can be faked, if the email address in arrow brackets is missing it's going to be more suspicious
Who it's addressed to - When you register you usually give your name in as well, so why the fuck would you get one saying "Dear valued **** customer"? Legit emails are more likely to greet you by your name, especially since how the Dear valued phrase is used in phishing
What they're asking - No site needs to know your account details, no more than site webmasters need to know your credit card details. It's usually merchant sites that sort out the financial stuff for them, just as much as it's the sites' database that handles the usernames & passwords. If it must be given, there'll usually be a way to do it on the site
Threats - The classic one is the account suspension one. Take no notice of it - It's usually bollocks made up to scare moronic users to give them their details
The links - Pay close attention to any links and any subtle changes. If in doubt, head to the site directly and use that
Information on the site - Usually, the information of something is on the site in question
SPG - Spelling, punctuation and grammar.
Is it something you're expecting, like a receipt for a PayPal transaction?
Buttons - Never follow a mail with a button where you can't tell for certain the link

1) A standard Hotmail email - The 30-day inactivity period is well-publicised on the Hotmail site (and their advertising of the Extra Storage plan ;)). The header reads an msn.com addresses, and it's themed to look Hotmail. The most important thing however is that you're not asked for your account details. That is an important thing to look out for. Hence, this mail is legit (although whether Hotmail's service is legit or not is debatable ;))

2) A Paypal email - The email header reads paypal.com, but what's this? I'm a valued PayPal customer? And I have to update my login details? Using the link? Or face account suspension? I'll take my chances - This is a bogus email.

3) Pretty much the same as the PayPal mail above, but considering that PayPal is owned by eBay what else could be expected? It's pretty much the same stuff - "Dear eBay user", "you are urged to establish your proof of identity", "failure may result in account suspension", blah blah blah. Thing however is that this info can be researched (http://pages.ebay.com/services/buyandsell/idverify-login.html) - Unlike what the email says, it costs $5 to use ID Verify, it's only available in the US, and it's an optional thing not mandatory. As fake as a Big Brother contestant.

4) A USbank email (although I've never heard of the bank personally :confused: ). Address header checks out, the www4 part in the link is a little suspicious, and it shows a somewhat believable story of phishing - Everyone's heard about it even though they don't know much about it. Know where it fails though? "Dear U.S Bank customer" and "we recently reviewed your account" - Would they have had your details if they recently reviewed it?
<dances to Salt & Pepa>Ooh, ahh, phish it...phish it real good!

5) Another PayPal mail - Expect a little more believable. Header checks out, it's good to see the mail starts with "Dear Jane Doe", it shows that the credit card may expire soon (not the account), and that failure to update would mean that I'd no longer be able to use Instant Transfer - That ain't so bad. More significantly, there's no link to follow or request to reply with account details - This forces the reader to log onto the site itself to sort it out. Although PayPal could have written it better in a few places, it's a legit mail.

6) This email sets off more alarms than a US military base in Iraq. The true email address (i.e. the one in arrow brackets) is hidden, there's the standard "Dear Earthlink customer", the standard suspension threat...but there's one thing in particular - The link. earthlink.net can be different from www.earthlink.net. Someone's been taking fraud lessons from Charles Ingram

7) I'll admit that this one had me stumped, but I finally saw it to be a fraud - True email address is masked again, the phishing story at the start, and the request to validate once per month. To be honest, a bank would rarely need to do that - It would take too much in terms of resources & time if they needed to do that. Another concern is the link again - Although I don't know what domains Citibank uses, the domain web.da-us.citibank.com is a little suspicious in my book. Although some of the points could be debatable, I decided to use the old rule "If it's too good to be true, it usually is". Guess I was right to mark this a fraud.

8) This is probably the lamest fake mail I've ever seen. While the header reads ebay.com, the mail doesn't follow eBay's standard mail design (hell, at least the ID Verify phish tried!), the "dear eBay member", the link goes to ebay.com (NOT www.ebay.com or any of its subdomains) instead of the domains listed in the warning on eBay site, the standard account suspension threat...oh, and that fact that eBay have apparantly hired someone who didn't graduate from primary school with a smiley sticker for punctuation. As fake as London's bid for the Olympics.

9) Another PayPal mail. A little worrying that the true email is masked, but one clear case decides it - In no way are account or credit card details asked for. It's a receipt mail for a PayPal payment - Any PP user would have seen them. It's assumed the transaction is known about, so it looks real. Though I do worry sometimes about the way PayPal looks a bit like its phishing mails.

10) Even from the first look, you can tell that this mail is fake - True email is masked, "Dear Visa cardholder", "billing out of date", and a button to update it; a direct hyperlink is suspicious enough but a button where you can't tell in advance where it takes you? Add the fact that the text formatting looks like it's been done by a colour-loving 13-year-old kid, and it's easy to see that this mail is as fake as Michael Jackson's nose.

Anyway, that's all of them - Hope they help spot the fraudulent ones you may get in the future :)