Phishing
Phishing is often successful because many people ignore educational material that might otherwise help them
R E L A T E D   C O N T E N T
Similar articles
KnowledgeBANK
News centre
More from vnunet.com
Jargon Buster

ADVERTISEMENT

Phishing victims learn online security lesson

Once bitten twice shy

Robert Jaques, vnunet.com 03 Oct 2007
ADVERTISEMENT

Surfers tricked by emails into visiting phishing sites are the most ready to learn lessons about online security, according to Carnegie Mellon University researchers.

Lorrie Cranor, associate research professor of computer science at Carnegie Mellon, said that phishing is often successful because many people ignore educational material that might otherwise help them recognise such frauds.

The researchers set up a laboratory study in which they fought "phire with phire".

When they sent their own spoof email to users and tricked them into visiting an educational website, those people tended to learn and retain more of the lesson about how to spot phishing sites.

Three groups of 14 volunteers participated in role-playing exercises in which they processed email, which included a mix of phishing, spam and legitimate email.

Those in the 'embedded training' group, who were given anti-phishing educational material after they had fallen for a phishing email, spent more than twice as much time studying the material than those who were presented the material without first being tricked.

Those who were presented the material without being tricked were no better at identifying phishing emails than those who received no anti-phishing educational material.

A week later, when the exercise was repeated, those in the embedded training group were significantly more successful in identifying phishing emails than those in the other two groups.

Some 64 per cent of phishing emails were identified by the embedded training group compared to seven per cent identified by the other two groups.

Cranor said that additional testing will be necessary to confirm the results. But the initial findings suggest that using the tricks of phishers, perhaps in a controlled environment, might be a good first step in educating users to protect themselves.

Ponnurangam Kumaraguru, a graduate student in the School of Computer Science's Institute for Software Research, will present the study results on 5 October at the Anti-Phishing Working Group's eCrime Researchers Summit in Pittsburgh.

The summit includes leading industrial and academic practitioners in the field of electronic crime research.


All

Like this story? Spread the news by clicking below:

Post this to Delicious del.icio.us    Post this to Digg Digg this    Post this to reddit reddit!

Permalink for this story

M A R K E T P L A C E
Sponsored links
F E A T U R E D   J O B S
C#.NET Developer - South West - 3 month contract
| Computer People
Our noteworthy client in the South West requires a C#.NET Developer to help develop and rewrite their Finance Systems interfaces. The ideal candidate will be available immediately and be a strong developer using C#.NET. You ... more >
Project Manager (HR & Payroll Systems) - Exciting Growing Organisation
| JAM Recruitment
Job Reference: 21307 Job Title: Project Manager (HR amp; Payroll technology transformation? Do you have Project Management experience gained within client facing projects? Are you a forward thinking professional, comfortable with people management? The Background ... more >
HRIS Specialist - Global Blue Chip Opportunity
| JAM Recruitment
Position: HRIS Specialist Reference: 21191 Salary: c£40-50k + Excellent Benefits Location: West Midlands Contact: Chris Pearson - JAM HR Systems Are you a techno-functional professional with a background in developing and driving HR Information Systems? ... more >
EMEA HR Systems Manager - Global Implementation Project
| JAM Recruitment
Position: EMEA HR Systems Manager Reference: 21014 Salary: c£55-65,000 + Bonus + Benefits Location: North London Contact: Chris Pearson - JAM HR Systems Are you a proven HR technology leader with aptitude to drive international ... more >
More job opportunities
Useful links: About us . Privacy policy . Terms & conditions . Site map . Bookmark this site . Accessibility
Consumer Technology websites:
Active Home Product reviews, competitions, news
Computeractive Software reviews, hardware reviews, buyers' guides, workshops, downloads
Gizmodo the daily gadget blog: technology news and reviews
PC Magazine your personal guide to technology
PCW software product reviews, hardware product reviews, buyers' guides, competitions
WebAct!ve what's happening on the web
What PC? helping you purchase the right computer, digital camera, peripherals, gadgets and more
Blogs:
Test Bed The PCW Labs blog, PCW Inter@ctive A reader blog from PCW. Your views, your comments, your say, Windows Watch Keeping an eye on the latest XP % Vista news
Jobs & Recruitment websites:
Accountancy Age Jobs Accountant jobs, jobs in finance, audit jobs, cima jobs, acca jobs, corporate finance jobs, management accounting jobs, finance director jobs, finance recruitment agency directory, Top 50 accountancy firms, accountant salary survey
Computing Careers IT jobs, Programmer jobs, Developer jobs, IT manager jobs, Project manager jobs, SAP jobs, Oracle Jobs, Java Jobs, IT recruitment agency directory, Software engineer jobs
Inquirer Jobs Firmware developer jobs, Electronics engineer jobs
Other titles in the Incisive Media network:
Business Technology websites: BusinessGreen . Computing . Computing Business . CRN . The Inquirer . vnunet.com
Business & Finance websites: Accountancy Age . Best Practice . Financial Director . Management Consultancy
© Incisive Media Ltd. 2009
Incisive Media Limited, Haymarket House, 28-29 Haymarket, London SW1Y 4RX, is a company registered in the United Kingdom with company registration number 04038503