Let’s punish phishing victims… er, you want to do what?!

There is a big, hairy elephant in the room when it comes to phishing: Many organisations believe that it’s okay, or right, or that they have no choice other than to punish people who repeatedly fail phishing simulations. Are they right? Before we answer that, let’s...

The Definitive Fraud Encyclopedia

This unique guide provides step-by-step instructions on how to commit fraud. From buying the correct hardware and software, to spoofing the personal details of your victims, to actually using stolen cards effectively. Originally published by an anonymous individual...

NoPhish App Evaluation: Lab and Retention Study

Phishing is a prevalent issue of today’s Internet. Previous approaches to counter phishing do not draw on a crucial factor to combat the threat – the users themselves. We believe user education about the dangers of the Internet is a further key strategy to...

Phishing and Organisational Learning

The importance of addressing the human aspect in information security has grown over the past few years. One of the most frequent techniques used to obtain private or confidential information from humans is phishing. One way to combat these phishing scams is to have...

Training Users to Counteract Phishing

Phishing is an increasingly more prevalent form of online, social engineered scams that escalate costs and risks to society year to year. This study demonstrates an association between anti-phishing training techniques used in previous research and individual...

PROTECTION MOTIVATION THEORY: A PHISHING EXPEDITION

As the number of individuals with email accounts continues to increase, so does the risk of unintentionally giving out sensitive information. Phishing has been described as a type of social engineering with the goal of gaining confidential or sensitive information...

F for Fake: Four Studies on How We Fall for Phish

This paper reports findings from a multi-method set of four studies that investigate why we continue to fall for phish. Current security advice suggests poor spelling and grammar in emails can be signs of phish. But a content analysis of a phishing archive indicates...

A Profitless Endeavor: Phishing as Tragedy of the Commons

Conventional wisdom is that phishing represents easy money. In this paper we examine the economics that underlie the phenomenon, and find a very different picture. Phishing is a classic example of tragedy of the commons, where there is open access to a resource that...

Teaching Johnny Not to Fall for Phish

Research focusing on educating users about phishing and identifying phishing emails, as opposed to using technology for prevention and detection. The research identified multiple problems, namely: that people were not motivated to learn about security; that security...

The Effectiveness of Deceptive Tactics in Phishing

Phishing, or the attempt of criminals to obtain sensitive information through a variety of techniques, is still a serious problem for IT managers and Internet consumers. With over 57 million Americans exposed to phishing in 2005, a reported 5% of recipients were...

The Human Factor in Phishing

We discuss the importance of understanding psychological aspects of phishing, and review some recent findings. Given these findings, we critique some commonly used security practices and suggest and review alternatives, including educational approaches. We suggest a...

Phishing: can we spot the signs?

Dr Steven Furnell at Plymouth University has conducted research, which looks at why some computer users still can’t tell the difference between an official email and a phishing scam. Steven Furnell looks at the increasing sophistication of phishing emails and...

Protecting Users Against Phishing Attacks with AntiPhish

Phishing is a form of online identity theft that aims to steal sensitive information such as online banking passwords and credit card information from users. Phishing scams have been receiving extensive press coverage because such attacks have been escalating in...