Let’s punish phishing victims… er, you want to do what?!

Reading Time: 7 minutes There is a big, hairy elephant in the room when it comes to phishing: Many organisations believe that it’s okay, or right, or that they have no choice other than to punish people who repeatedly fail phishing simulations. Are they right? Before...

The Definitive Fraud Encyclopedia

Reading Time: 1 minute This unique guide provides step-by-step instructions on how to commit fraud. From buying the correct hardware and software, to spoofing the personal details of your victims, to actually using stolen cards effectively. Originally published by an...

NoPhish App Evaluation: Lab and Retention Study

Reading Time: 1 minute Phishing is a prevalent issue of today’s Internet. Previous approaches to counter phishing do not draw on a crucial factor to combat the threat – the users themselves. We believe user education about the dangers of the Internet is a further...

Phishing and Organisational Learning

Reading Time: 1 minute The importance of addressing the human aspect in information security has grown over the past few years. One of the most frequent techniques used to obtain private or confidential information from humans is phishing. One way to combat these...

Training Users to Counteract Phishing

Reading Time: 1 minute Phishing is an increasingly more prevalent form of online, social engineered scams that escalate costs and risks to society year to year. This study demonstrates an association between anti-phishing training techniques used in previous research...

PROTECTION MOTIVATION THEORY: A PHISHING EXPEDITION

Reading Time: 1 minute As the number of individuals with email accounts continues to increase, so does the risk of unintentionally giving out sensitive information. Phishing has been described as a type of social engineering with the goal of gaining confidential or...

F for Fake: Four Studies on How We Fall for Phish

Reading Time: 1 minute This paper reports findings from a multi-method set of four studies that investigate why we continue to fall for phish. Current security advice suggests poor spelling and grammar in emails can be signs of phish. But a content analysis of a...

Does domain highlighting help people identify phishing sites?

Reading Time: 1 minute Phishers are fraudsters that mimic legitimate websites to steal user’s credential information and exploit that information for identity theft and other criminal activities. Various anti-phishing techniques attempt to mitigate such attacks. Domain...

A Profitless Endeavor: Phishing as Tragedy of the Commons

Reading Time: 1 minute Conventional wisdom is that phishing represents easy money. In this paper we examine the economics that underlie the phenomenon, and find a very different picture. Phishing is a classic example of tragedy of the commons, where there is open...

Teaching Johnny Not to Fall for Phish

Reading Time: 1 minute Research focusing on educating users about phishing and identifying phishing emails, as opposed to using technology for prevention and detection. The research identified multiple problems, namely: that people were not motivated to learn about...

The Effectiveness of Deceptive Tactics in Phishing

Reading Time: 1 minute Phishing, or the attempt of criminals to obtain sensitive information through a variety of techniques, is still a serious problem for IT managers and Internet consumers. With over 57 million Americans exposed to phishing in 2005, a reported 5% of...

The Human Factor in Phishing

Reading Time: 1 minute We discuss the importance of understanding psychological aspects of phishing, and review some recent findings. Given these findings, we critique some commonly used security practices and suggest and review alternatives, including educational...

Phishing: can we spot the signs?

Reading Time: 1 minute Dr Steven Furnell at Plymouth University has conducted research, which looks at why some computer users still can’t tell the difference between an official email and a phishing scam. Steven Furnell looks at the increasing sophistication of...

Protecting Users Against Phishing Attacks with AntiPhish

Reading Time: 1 minute Phishing is a form of online identity theft that aims to steal sensitive information such as online banking passwords and credit card information from users. Phishing scams have been receiving extensive press coverage because such attacks have...