July 23, 2007
Who Falls For Phishing?
A recent study at Indiana University tested several versions of phishing email on its students. And while some have questioned the ethics of sending out fake phishing emails to see how best to capture the students' personal information, it seems to me that the best way to understand the bad guys is to act like them.
Also, before sending out the phishing emails, the researchers made sure to protect all the emails used in the study behind a secure server, and that none of the information submitted by the unwitting subjects was saved or stored.
And what did they discover? According to this article at Macroworld Investor, 72 percent of the more than 600 students tested fell for a phishing email if it came from an account that looked familiar and asked for usernames and passwords.
If they received the same email from an unfamiliar email address, only 18 percent of the students were fooled. This means that hackers can achieve the greatest success using hijacked email accounts. The research also showed that computer users (and these are college students we're talking about) have little understanding of Web site security certificates and what constitutes a fake website.
Other phishing research has found that phishing is more successful when it plays on human vulnerabilities such as greed, curiosity, ignorance, or fear, which are basically the ingredients of social engineering spam.
"When you talk to someone, you look in their eyes and say, 'Does this look like they're telling the truth?' And we get pretty good at making these judgments," said Lorrie Cranor, who directs an anti-phishing group at Carnegie Mellon in Pittsburgh. "But most of us are not very good at making these judgments online."
The best way to counteract phishing is to train users to recognize these weaknesses and, essentially, whenever personal information is asked for, to restart the web browser and go directly to the website in question, thereby bypassing the potential phishing email altogether.
Tags: phishing, Social Engineering, phishing study
Posted by pschooff

Twenty-Four Seven Security