Carnegie Mellon University (CMU) is conducting research into why phishing attacks work, and has learned that a little bit of education regarding online fraud goes a long way.
Early findings of the research, which was presented last week at the Anti-Phishing Working Group’s eCrime Researchers Summit in Pittsburgh, hosted by CMU’s CyLab, show that phishers are often successful because e-mail users ignore information that could help them recognize fraud.
In one study, three groups of 14 participants each received e-mail messages that included spam and phishing attacks as well as legitimate mail. Two of the groups were presented with educational material about how to prevent being phished; but only one group received the material after having fallen for the phishing e-mails and entered personal information into a fraudulent Web site. According to researchers, that group spent twice as much time studying the material as those participants who hadn’t been phished.
The group that was given educational materials but hadn’t been phished was no better at spotting phishing attacks than the third group, which received no educational materials at all, researchers say.
When researchers ran through the exercise one week later, 64% of the phishing attacks sent to participants who had been phished were correctly identified as such, whereas only 7% of the phishing e-mails were correctly identified by the other two groups.
More research must be conducted to confirm these initial results, says Lorrie Cranor, associate research professor of computer science at CMU. But based on the initial findings, it appears that using some phishing techniques in a controlled environment may be an effective way to educate users.
The research paper, presented at the summit by Ponnurangam Kumaraguru, a graduate student in CMU’s School of Computer Science’s Institute for Software Research, can be found here.
Phishing has been a hot topic among CMU researchers and students of late. Last month scientists there developed an online game called Anti-Phishing Phil, featuring an animated fish designed to help teach users to spot fraud.
Comments (1)
RE: Antiphishing education requires real-world techniques
By Howie M on October 9, 2007, 4:59 pm
What a waste of time. If they would teach people how to protect themselves by deleting email purportedly from financial institutions, telling them not to click...