Real-World Phishing Experiments: A Case Study
Authors
Abstract
We describe a means for constructing phishing experiments which achieve the mutually competitive goals of being ethical and accurate. We present an implementation of these experiments based on the user interface of a popular online auction site, and the results gained from performing these experiments on several hundred subjects. In particular, we find that cousin domains (such as ebay.secure-name.com) are more effective (from a phisher’s perspective) than IP addresses; approximately 11% of users will yield their credentials to a cousin domain, compared to approximately 7% for an IP address. Portions of this work appeared in a paper presented at WWW '06; these are marked, and a discussion of new material is given at the end of the introduction.
Similar resources
School of Phish: A Real-World Evaluation of Anti-Phishing Training
PhishGuru is an embedded training system that teaches users to avoid falling for phishing attacks by delivering a training message when the user clicks on the URL in a simulated phishing email. In previous lab and real-world experiments, we validated the effectiveness of this approach. Here, we extend our previous work with a 515-participant, real-world study in which we focus on long-term rete...
School of Phish: A Real-Word Evaluation of Anti-Phishing Training (CMU-CyLab-09-002)
PhishGuru is an embedded training system that teaches users to avoid falling for phishing attacks by delivering a training message when the user clicks on the URL in a simulated phishing email. In previous lab and real-world experiments, we validated the effectiveness of this approach. Here, we extend our previous work with a 515-participant, real-world study in which we focus on long-term rete...
Testing PhishGuru in the Real World
In real world testing of PhishGuru, an embedded training system that teaches people how to protect themselves from phishing attacks, we found (a) PhishGuru is effective in training people in the real world; (b) users retained knowledge when trained with PhishGuru in the real world; (c) a large percentage of people who clicked on links in simulated emails proceeded to give some form of personal ...
Revisiting Email Spoofing Attacks
The email system is the central battleground against phishing and social engineering attacks, and yet email providers still face key challenges to authenticate incoming emails. As a result, attackers can apply spoofing techniques to impersonate a trusted entity to conduct highly deceptive phishing attacks. In this work, we study email spoofing to answer three key questions: (1) How do email pro...
Submitted in partial fulfillment of the requirements for
Phishing is a kind of attack in which criminals use spoofed emails and fraudulent web sites to trick people into giving up personal information. This thesis looks at the phishing problem holistically by examining various stakeholders and their countermeasures, and by surveying experts’ opinions about the current and future threats and the kinds of countermeasures that should be put in place. It...