The Google Phishing Quiz
Google recently shared a quiz on one of our favorite topics: phishing. The quiz walks through eight examples, and it’s up to the quiz taker to decide if each one is a phish or a valid communication. Once you’ve chosen “phishing” or “legitimate,” the quiz identifies the clues or areas to study.
The areas to review include the sender’s email address and links within the email. It also cautions against opening unexpected attachments and notes misspellings as a clue that the email might be a phish. In fact, in every single example, the quiz directs the user to hover over links and study the domain to determine if the email is a phish. This is great! The domain is the biggest clue we have to figure out if an email’s link or a website is legitimate. We encourage you to review all of these areas, particularly in unexpected email communications.
But what if the quiz taker isn’t even sure what a domain is? The everyday user (the one most likely to fall for a phish) probably has only a fuzzy understanding of what a domain is. They may know that it’s located in the web address bar, but probably can’t identify the domain specifically. Hackers have already identified this weakness and play on it using web address links like http://www.google.com.tinyurl.com. Users see “google.com” and immediately think that because google.com is safe, this must be a valid link. But the domain in this example is actually tinyurl.com, which is a site that creates shortened links.
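To make the tinyurl.com example concrete, here is an added sketch (not code from the quiz or from LinkAware) that picks the registrable domain out of a link and reports when a trusted name only appears further left in the hostname. The function names and the short suffix list are assumptions made for illustration; real tooling should use the full Public Suffix List.

```javascript
// Constructed subset of public suffixes, for illustration only (assumption).
// Production code should load the full Public Suffix List.
const SUFFIXES = new Set(["com", "org", "net", "co.uk", "com.au"]);

// Return the registrable domain: the public suffix plus one label to its left.
function registrableDomain(urlString) {
  const host = new URL(urlString).hostname.toLowerCase().replace(/\.$/, "");
  const labels = host.split(".");
  // Try the longest candidate suffix first so "co.uk" is matched as a unit.
  for (let i = 1; i < labels.length; i++) {
    const suffix = labels.slice(i).join(".");
    if (SUFFIXES.has(suffix)) {
      return labels.slice(i - 1).join(".");
    }
  }
  return host; // unknown suffix or IP address: fall back to the whole host
}

// List trusted domains that appear inside the hostname even though the
// link is actually registered under a different domain.
function embeddedTrustedDomains(urlString, trusted) {
  const host = new URL(urlString).hostname.toLowerCase();
  const actual = registrableDomain(urlString);
  return trusted.filter(
    (t) =>
      t !== actual &&
      (host.startsWith(t + ".") || host.includes("." + t + "."))
  );
}

// Constructed sample links; the first is the one discussed in the post.
const samples = [
  "http://www.google.com.tinyurl.com",
  "https://mail.google.com/mail/u/0",
  "https://www.example.co.uk/login",
];
for (const link of samples) {
  const misleading = embeddedTrustedDomains(link, ["google.com"]);
  console.log(
    link,
    "-> domain:", registrableDomain(link),
    misleading.length ? "(contains " + misleading.join(", ") + " as a subdomain label)" : ""
  );
}
```

Reading the hostname from right to left is the whole trick: everything to the left of the registrable domain is chosen freely by whoever owns that domain.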
In our opinion, Google missed an opportunity to go one step further to educate users on links and domains in this quiz. A bit more clarification is needed on all the elements that make up a web link and how to easily identify the domain, regardless of the length or complexity. This information would create a strong phishing awareness foundation and make a great tutorial even better. Then again, Google is working on ways to kill the URL in its current form.
Until then, if you or someone you know needs help understanding the important parts of the web address, we have two FREE resources for you.
What Website Is This? – A quick online tutorial that shows the importance of the URL.
LinkAware – A browser extension that picks out the domain for every website you visit.
Chrome and Firefox versions are available. Interestingly enough, if you use LinkAware, you will notice that the Phishing Quiz’s domain is not google.com, but don’t worry, it is owned by Google.