
Don't be a phish: steps in user education

Published: 26 June 2006

Abstract

Phishing, in which hackers send e-mails to lure unsuspecting victims into giving up confidential information, has been the cause of countless security breaches and has increased in frequency and diversity over the last year. While regular phishing attacks are easily thwarted, designing the attack to include user context information could potentially increase the user's vulnerability. To prevent this, phishing education needs to be considered. In this paper we provide an overview of phishing education, focusing on context-aware attacks, and introduce a new strategy for educating users by combining phishing IQ tests and class discussions. The technique consists of displaying both legitimate and fraudulent e-mails to users and having them distinguish the phishing attempts from the authentic e-mails. Proper implementation of this system helps teach users what to look for in e-mails and how to protect their confidential information from being caught in the nets of phishers. The strategy was applied in Introduction to Computing courses as part of the computer security component. Class assessment indicates an increased level of awareness and better recognition of attacks.



Published In

ACM SIGCSE Bulletin, Volume 38, Issue 3
September 2006
367 pages
ISSN: 0097-8418
DOI: 10.1145/1140123
  • ITICSE '06: Proceedings of the 11th annual SIGCSE conference on Innovation and technology in computer science education
    June 2006
    390 pages
    ISBN: 1595930558
    DOI: 10.1145/1140124
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee.

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 26 June 2006
Published in SIGCSE Volume 38, Issue 3


Author Tags

  1. computer education
  2. education
  3. information security
  4. phishing

Qualifiers

  • Article
