Site Archive (Complete)
ABOUT US | CONTACT | ADVERTISE | SUBSCRIBE | SOURCE CODE | CURRENT PRINT ISSUE | NEWSLETTERS | RESOURCES | BLOGS | PODCASTS | CAREERS
Security Blog: Online Game for Recognizing Internet Scams
Security
Blog Home | Department Home | More Blogs |
Blog Home | Department Home | More Blogs |
EYE ON SECURITY

The World of Secure Development.

by Kevin Carlson
LOCK IT UP

... Keys to Better Security

by Neil Rerup
September 25, 2007

Online Game for Recognizing Internet Scams

Security experts will go to all sorts of extremes to teach people how to better recognize and avoid email phishing and other Internet scams. And rightly so. Researchers at the Carnegie Mellon Usable Privacy and Security Lab, for instance, have turned to interactive, online games. Anti-Phishing Phil is a fish (that's a pun, right?) that helps users better identify fraudulent Web sites.

To play the game, participants are asked to take a short quiz, play the game, and then take another quiz. Those who leave their email address and participate in a follow-up quiz a week later are eligible for a raffle prize of a $100 Amazon.com gift card.

"We believe education is essential if people are to avoid being ripped off by these phishing attacks and similar online scams," said Lorrie Cranor, associate research professor in the School of Computer Science’s Institute for Software Research and director of the CUPS Lab. "Unlike viruses or spyware, phishing attacks don’t exploit weaknesses in a computer’s hardware or software, but take advantage of the way people use their computers and their often-limited knowledge of the way computers work."

Phishing attacks attempt to trick people into revealing personal information or bank or credit card account information. Often, they involve emails that appear to be from a legitimate business, such as a bank, and direct recipients to visit a Web site that likewise appears to belong to that business. There they are asked to "verify" account information. In addition to spoof emails and counterfeit Web sites, some attacks even mimic parts of a user’s own Web browser.

"We designed the game to teach people how to use Web addresses, or URLs, to identify phishing Web sites,” said Steve Sheng, a Ph.D. student in CMU's Engineering and Public Policy Department and lead developer of Anti-Phishing Phil. “"That tactic can also be useful in analyzing suspicious email messages."

In addition to Cranor and Sheng, Anti-Phishing Phil developers include faculty members Jason Hong and Alessandro Acquisti, and students Bryant Magnien and Ponnurangam Kumaraguru. CUPS has also collaborated with Portugal Telecom to develop a Portuguese version of the game called Anti-Phishing Ze.

Posted by Jon Erickson at 09:29 AM  Permalink



 
INFO-LINK


| All Feeds
© 2008 Think Services, Privacy Policy, Terms of Service, United Business Media LLC
Comments about the web site: webmaster@ddj.com
Related Sites: DotNetJunkies, SD Expo, SqlJunkies