Ethics and Phishing Experiments.

نویسندگان

  • David B Resnik
  • Peter R Finn
چکیده

Phishing is a fraudulent form of email that solicits personal or financial information from the recipient, such as a password, username, or social security or bank account number. The scammer may use the illicitly obtained information to steal the victim's money or identity or sell the information to another party. The direct costs of phishing on consumers are exceptionally high and have risen substantially over the past 12 years. Phishing experiments that simulate real world conditions can provide cybersecurity experts with valuable knowledge they can use to develop effective countermeasures and prevent people from being duped by phishing emails. Although these experiments contravene widely accepted informed consent requirements and involve deception, we argue that they can be conducted ethically if risks are minimized, confidentiality and privacy are protected, potential participants have an opportunity to opt out of the research before it begins, and human subjects are debriefed after their participation ends.

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

Designing and Conducting Phishing Experiments

We describe ethical and procedural aspects of setting up and conducting phishing experiments, drawing on experience gained from being involved in the design and execution of a sequence of phishing experiments (second author), and from being involved in the review of such experiments at the Institutional Review Board (IRB) level (first author). We describe the roles of consent, deception, debrie...

متن کامل

Experimental Case Studies for Investigating E-Banking Phishing Intelligent Techniques and Attack Strategies

Phishing is a form of electronic identity theft in which a combination of social engineering and web site spoofing techniques are used to trick a user into revealing confidential information with economic value. The problem of social engineering attack is that there is no single solution to eliminate it completely, since it deals largely with the human factor. This is why implementing empirical...

متن کامل

Intelligent Detection System for e-banking Phishing websites using Fuzzy Data Mining

Detecting and identifying e-banking Phishing websites is really a complex and dynamic problem involving many factors and criteria. Because of the subjective considerations and the ambiguities involved in the detection, Fuzzy Data Mining Techniques can be an effective tool in assessing and identifying e-banking phishing websites since it offers a more natural way of dealing with quality factors ...

متن کامل

Phishing website detection using weighted feature line embedding

The aim of phishing is tracing the users' s private information without their permission by designing a new website which mimics the trusted website. The specialists of information technology do not agree on a unique definition for the discriminative features that characterizes the phishing websites. Therefore, the number of reliable training samples in phishing detection problems is limited. M...

متن کامل

Detecting Fake Websites Using Swarm Intelligence Mechanism in Human Learning

The internet and its various services have made users to easily communicate with each other. Internet benefits including online business and e-commerce. E-commerce has boosted online sales and online auction types. Despite their many uses and benefits, the internet and their services have various challenges, such as information theft, which challenges the use of these services. Information thef...

متن کامل

ذخیره در منابع من


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

عنوان ژورنال:
  • Science and engineering ethics

دوره   شماره 

صفحات  -

تاریخ انتشار 2017