How good are you at identifying a phishing con? Do you delete the message or do you take the bait? How often can you get hooked?
Carnegie Mellon's Usable Privacy and Security Lab (CUPS) has developed a game to teach people how to identify several common clues that a message is a phish. The game takes about 10 minutes to play and is suitable for all ages. You will play PHIL, a "young fish living in Interweb Bay" as your father teaches you how to find food (legitimate links) and avoid dangers (fraudulent links) .
The game focuses on how to dissect the URL in the phishing message in order to sort out the scams from the good messages. According to the researcher who developed the game, users improved their accuracy in spotting fake sites from 69% before playing the game to 87% after.
Phishing works by tricking you into following a link and volunteering the confidential information to a scammer. Phishers will attack both your personal and work accounts. Phishers have recently been very effective at mimicking trusted sites such as the Better Business Bureau. The only way to protect yourself is to be alert to the scam. There are plenty of other scams out there but this game hits some of the most common tactics.
The game can be found at cups.cs.cmu.edu/antiphishing_phil/ quiz/ .