Characteristics and responsibilities involved in a Phishing attack
WISICT '05 Proceedings of the 4th international symposium on Information and communication technologies
Redefining computer literacy in the age of ubiquitous computing
Proceedings of the 6th conference on Information technology education
Communications of the ACM
Modeling and preventing phishing attacks
FC'05 Proceedings of the 9th international conference on Financial Cryptography and Data Security
Protecting people from phishing: the design and evaluation of an embedded training email system
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Getting users to pay attention to anti-phishing education: evaluation of retention and transfer
Proceedings of the anti-phishing working groups 2nd annual eCrime researchers summit
Teaching Johnny not to fall for phish
ACM Transactions on Internet Technology (TOIT)
A game design framework for avoiding phishing attacks
Computers in Human Behavior
| Hi-index | 0.00 |
Phishing, e-mails sent out by hackers to lure unsuspecting victims into giving up confidential information, has been the cause of countless security breaches and has experienced in the last year an increase in frequency and diversity. While regular phishing attacks are easily thwarted, designing the attack to include user context information could potentially increase the user's vulnerability. To prevent this, phishing education needs to be considered. In this paper we provide an overview of phishing education, focusing on context aware attacks and introduce a new strategy for educating users by combining phishing IQ tests and class discussions. The technique encompasses displaying both legitimate and fraudulent e-mails to users and having them identify the phishing attempts from the authentic e-mails. Proper implementation of this system helps teach users what to look for in e-mails, and how to protect their confidential information from being caught in the nets of phishers. The strategy was applied in Introduction to Computing courses as part of the computer security component. Class assessment indicates an increased level of awareness and better recognition of attacks.