Designing and Conducting Phishing Experiments

Authors

  • Peter Finn
  • Markus Jakobsson
Abstract

We describe ethical and procedural aspects of setting up and conducting phishing experiments, drawing on experience gained from being involved in the design and execution of a sequence of phishing experiments (second author), and from being involved in the review of such experiments at the Institutional Review Board (IRB) level (first author). We describe the roles of consent, deception, debriefing, risks and privacy, and how related issues place IRBs in a new situation. We also discuss user reactions to phishing experiments, and possible ways to limit the perceived harm to the subjects.


Similar resources

Experimental Case Studies for Investigating E-Banking Phishing Intelligent Techniques and Attack Strategies

Phishing is a form of electronic identity theft in which a combination of social engineering and web site spoofing techniques are used to trick a user into revealing confidential information with economic value. The problem of social engineering attack is that there is no single solution to eliminate it completely, since it deals largely with the human factor. This is why implementing empirical...


Phishing website detection using weighted feature line embedding

The aim of phishing is tracing the users' private information without their permission by designing a new website which mimics the trusted website. The specialists of information technology do not agree on a unique definition for the discriminative features that characterize the phishing websites. Therefore, the number of reliable training samples in phishing detection problems is limited. M...


An Empirical Analysis of the Effectiveness of Browser-based Anti-phishing Solutions

Phishing has by far become the most dangerous form of fraud to hit online business. Due to the key role in accessing the Internet, web browsers are at a strategic position to offer the protection against the risks of phishing attacks. Varieties of security companies have proposed their browser-based antiphishing solutions to protect the end-use. In this paper, we used 3403 fresh phishing URLs a...


Why Phishing Works: Project for an Information Security Capstone Course

This paper presents a project which was conducted in a capstone course in Information Security. The project focused on conducting research concerning the various aspects of phishing, such as why phishing works and who is more likely to be deceived by phishing. Students were guided through the process of conducting research: finding background and related work on the topic, determining the hypot...


A Summary of Survey Methodology Best Practices for Security and Privacy Researchers

“Given a choice between dancing pigs and security, users will pick dancing pigs every time,” warns an oft-cited quote from well-known security researcher Bruce Schneier [132]. This issue of understanding how to make security tools and mechanisms work better for humans (often categorized as usability, broadly construed) has become increasingly important over the past 17 years [7], [159], as illu...



Publication date: 2006