Carnegie Mellon University (CMU) is conducting research into why phishing attacks work, and has learned that a little bit of education regarding online fraud goes a long way.
Early findings of the research, which was presented at the Anti-Phishing Working Group’s eCrime Researchers Summit in Pittsburgh
last week, hosted by CMU’s CyLab, show that phishers are often successful because e-mail users ignore information that could
help them recognize fraud.
In one study, three groups of 14 participants each received e-mail messages that included spam and phishing attacks as well as legitimate mail. Two of the groups were presented with educational material about how to
prevent being phished; but only one group received the material after having fallen for the phishing e-mails and entered personal
information into a fraudulent Web site. According to researchers, that group spent twice as much time studying the material
as those participants who hadn’t been phished.
The group that was given educational materials but hadn’t been phished was no better at spotting phishing attacks than the
third group, which received no educational materials at all, researchers say.
When researchers ran through the exercise one week later, 64% of the phishing attacks sent to participants who had been phished
were correctly identified as such, whereas only 7% of the phishing e-mails were correctly identified by the other two groups.
More research must be conducted to confirm these initial results, says Lorrie Cranor, associate research professor of computer
science at CMU. But based on the initial findings, it appears that using some phishing techniques in a controlled environment
may be an effective way to educate users.
The research paper, presented at the summit by Ponnurangam Kumaraguru, a graduate student in CMU’s School of Computer Science’s
Institute for Software Research, can be found here.
Phishing has been a hot topic among CMU researchers and students of late. Last month scientists there developed an online
game called Anti-Phishing Phil, featuring an animated fish designed to help teach users to spot fraud.