Early findings by Carnegie Mellon University researchers suggest that people who are suckered by a spoof email into visiting a counterfeit Web site are also people who are ready to learn their lesson about “phishing” attacks.
Phishing attacks have become a common method for stealing personal identification information, such as bank account numbers and passwords. Lorrie Cranor, associate research professor of computer science, said phishing often is successful because many people ignore educational materials that otherwise might help them recognize such frauds.
But in a laboratory study, the researchers fought “phire with phire” and found that when they sent their own spoof email to users and tricked them into visiting an educational Web site, those people tended to learn and retain more of the lesson about how to spot phishing sites.
Ponnurangam Kumaraguru, a graduate student in the School of Computer Science’s Institute for Software Research, will present the study results Friday, Oct. 5 at the Anti-Phishing Working Group’s (APWG) eCrime Researchers Summit in Pittsburgh. The summit, sponsored by the APWG and hosted by Carnegie Mellon CyLab, includes leading industrial and academic practitioners in the field of electronic crime research.
In the study, three groups of 14 volunteers participated in role-playing exercises in which they processed email, which included a mix of phishing, spam and legitimate email. Those in the “embedded training” group, who were given anti-phishing educational materials after they had fallen for a phishing email, spent more than twice as much time studying the materials than those who were presented the materials without first being tricked. Those who were presented the materials without being tricked were no better at identifying phishing emails than those who received no anti-phishing educational materials. A week later, when the exercise was repeated, those in the embedded training group were significantly more successful in identifying phishing emails than those in the other two groups — 64 percent of phishing emails identified by the embedded training group versus 7 percent identified by the other two groups.
Cranor, director of the Carnegie Mellon Usable Privacy and Security Lab, said additional testing will be necessary to confirm these results. But the initial findings suggest that using the tricks of phishers, perhaps in a controlled environment, might be a good first step in educating computer users to protect themselves.
In addition to Cranor and Kumaraguru, the study team included faculty members Jason Hong and Alessandro Acquisti and graduate students Yong Rhee, Steve Sheng and Sharique Hasan. Their paper is available at http://www.ecrimeresearch.org/2007/proceedings/p70_kumaraguru.pdf.
According to the latest trend report for June, APWG detected 31,709 phishing Web sites, a drop of 6,000 from May, and 146 brands were hijacked, a slight decrease from May. But the number of unique phishing reports was 28,888 in June, up by more than 5,000 over May. The vast majority of attacks were in the financial services sector.
Metamolds: Molding a mold
20.08.2018 | Institute of Science and Technology Austria
Robots as Tools and Partners in Rehabilitation
17.08.2018 | Albert-Ludwigs-Universität Freiburg im Breisgau
There are currently great hopes for solid-state batteries. They contain no liquid parts that could leak or catch fire. For this reason, they do not require cooling and are considered to be much safer, more reliable, and longer lasting than traditional lithium-ion batteries. Jülich scientists have now introduced a new concept that allows currents up to ten times greater during charging and discharging than previously described in the literature. The improvement was achieved by a “clever” choice of materials with a focus on consistently good compatibility. All components were made from phosphate compounds, which are well matched both chemically and mechanically.
The low current is considered one of the biggest hurdles in the development of solid-state batteries. It is the reason why the batteries take a relatively long...
New design tool automatically creates nanostructure 3D-print templates for user-given colors
Scientists present work at prestigious SIGGRAPH conference
Most of the objects we see are colored by pigments, but using pigments has disadvantages: such colors can fade, industrial pigments are often toxic, and...
Scientists at the University of California, Los Angeles present new research on a curious cosmic phenomenon known as "whistlers" -- very low frequency packets...
Scientists develop first tool to use machine learning methods to compute flow around interactively designable 3D objects. Tool will be presented at this year’s prestigious SIGGRAPH conference.
When engineers or designers want to test the aerodynamic properties of the newly designed shape of a car, airplane, or other object, they would normally model...
Researchers from TU Graz and their industry partners have unveiled a world first: the prototype of a robot-controlled, high-speed combined charging system (CCS) for electric vehicles that enables series charging of cars in various parking positions.
Global demand for electric vehicles is forecast to rise sharply: by 2025, the number of new vehicle registrations is expected to reach 25 million per year....
17.08.2018 | Event News
08.08.2018 | Event News
27.07.2018 | Event News
20.08.2018 | Information Technology
20.08.2018 | Power and Electrical Engineering
17.08.2018 | Physics and Astronomy