
Don't be a phish: steps in user education

Published: 26 June 2006

Abstract

Phishing, e-mails sent out by hackers to lure unsuspecting victims into giving up confidential information, has been the cause of countless security breaches and has experienced in the last year an increase in frequency and diversity. While regular phishing attacks are easily thwarted, designing the attack to include user context information could potentially increase the user's vulnerability. To prevent this, phishing education needs to be considered. In this paper we provide an overview of phishing education, focusing on context aware attacks and introduce a new strategy for educating users by combining phishing IQ tests and class discussions. The technique encompasses displaying both legitimate and fraudulent e-mails to users and having them identify the phishing attempts from the authentic e-mails. Proper implementation of this system helps teach users what to look for in e-mails, and how to protect their confidential information from being caught in the nets of phishers. The strategy was applied in Introduction to Computing courses as part of the computer security component. Class assessment indicates an increased level of awareness and better recognition of attacks.



Published In

ITICSE '06: Proceedings of the 11th annual SIGCSE conference on Innovation and technology in computer science education
June 2006
390 pages
ISBN:1595930558
DOI:10.1145/1140124
Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. computer education
  2. education
  3. information security
  4. phishing

Acceptance Rates

Overall Acceptance Rate 552 of 1,613 submissions, 34%

Cited By

  • (2021) A Comprehensive Survey of Phishing Email Detection and Protection Techniques. Information Security Journal: A Global Perspective, 31:4 (411-440). DOI: 10.1080/19393555.2021.1959678. Online publication date: 15-Sep-2021
  • (2019) Building Confidence not to be Phished Through a Gamified Approach: Conceptualising User's Self-Efficacy in Phishing Threat Avoidance Behaviour. 2019 Cybersecurity and Cyberforensics Conference (CCC) (102-110). DOI: 10.1109/CCC.2019.000-1. Online publication date: May-2019
  • (2018) Don't Trash Your Spam! Information and Technology Literacy (1656-1663). DOI: 10.4018/978-1-5225-3417-4.ch084. Online publication date: 2018
  • (2018) Online Social Network Phishing Attack. Encyclopedia of Social Network Analysis and Mining (1671-1677). DOI: 10.1007/978-1-4939-7131-2_348. Online publication date: 12-Jun-2018
  • (2017) How effective is anti-phishing training for children? Proceedings of the Thirteenth USENIX Conference on Usable Privacy and Security (229-239). DOI: 10.5555/3235924.3235943. Online publication date: 12-Jul-2017
  • (2017) Online Social Network Phishing Attack. Encyclopedia of Social Network Analysis and Mining (1-7). DOI: 10.1007/978-1-4614-7163-9_348-1. Online publication date: 12-Aug-2017
  • (2016) How I Learned to be Secure. Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security (666-677). DOI: 10.1145/2976749.2978307. Online publication date: 24-Oct-2016
  • (2016) Effects of integrating dynamic concept maps with Interactive Response System on elementary school students' motivation and learning outcome. Computers & Education, 102:C (117-127). DOI: 10.1016/j.compedu.2016.08.002. Online publication date: 1-Nov-2016
  • (2016) Phishing threat avoidance behaviour. Computers in Human Behavior, 60:C (185-197). DOI: 10.1016/j.chb.2016.02.065. Online publication date: 1-Jul-2016
  • (2015) Measuring the Potential for Victimization in Malicious Content. Proceedings of the 2015 IEEE International Conference on Web Services (305-312). DOI: 10.1109/ICWS.2015.49. Online publication date: 27-Jun-2015
