Domain: wombatsecurity.com
Stories and comments across the archive that link to wombatsecurity.com.
Comments · 7
-
Scientific Studies on Protecting People from Phish
I wrote up an article in Communications of the ACM about a year ago summarizing the state of phishing attacks.
My colleagues and I have also studied phishing extensively and have the most comprehensive peer-reviewed body of work in this area. Our studies include understanding why people fall for phishing attacks (PDF), evaluating how well simulated phishing attacks work (PDF) (the short answer is quite well, based on a study of 500 people), designing and evaluating a micro game teaching people about URLs works (PDF) (empirically tested with several thousand people), and more.
We've also commercialized our work, in terms of a service for simulated phishing attacks, the micro game for anti-phishing, and more.
Also, to anyone saying "people are stupid" or "they deserve to get malware", you really are part of the problem. It's our job to protect people, to reduce complexity, and to ensure the safety of our systems and networks. Arrogantly dismissing others as being inferior or stupid is one reason why computer security, user interfaces, and software in general is in the state it is.
-
Scientific Studies on Protecting People from Phish
I wrote up an article in Communications of the ACM about a year ago summarizing the state of phishing attacks.
My colleagues and I have also studied phishing extensively and have the most comprehensive peer-reviewed body of work in this area. Our studies include understanding why people fall for phishing attacks (PDF), evaluating how well simulated phishing attacks work (PDF) (the short answer is quite well, based on a study of 500 people), designing and evaluating a micro game teaching people about URLs works (PDF) (empirically tested with several thousand people), and more.
We've also commercialized our work, in terms of a service for simulated phishing attacks, the micro game for anti-phishing, and more.
Also, to anyone saying "people are stupid" or "they deserve to get malware", you really are part of the problem. It's our job to protect people, to reduce complexity, and to ensure the safety of our systems and networks. Arrogantly dismissing others as being inferior or stupid is one reason why computer security, user interfaces, and software in general is in the state it is.
-
Scientific Studies on Protecting People from Phish
I wrote up an article in Communications of the ACM about a year ago summarizing the state of phishing attacks.
My colleagues and I have also studied phishing extensively and have the most comprehensive peer-reviewed body of work in this area. Our studies include understanding why people fall for phishing attacks (PDF), evaluating how well simulated phishing attacks work (PDF) (the short answer is quite well, based on a study of 500 people), designing and evaluating a micro game teaching people about URLs works (PDF) (empirically tested with several thousand people), and more.
We've also commercialized our work, in terms of a service for simulated phishing attacks, the micro game for anti-phishing, and more.
Also, to anyone saying "people are stupid" or "they deserve to get malware", you really are part of the problem. It's our job to protect people, to reduce complexity, and to ensure the safety of our systems and networks. Arrogantly dismissing others as being inferior or stupid is one reason why computer security, user interfaces, and software in general is in the state it is.
-
Scientific Studies on Protecting People from Phish
I wrote up an article in Communications of the ACM about a year ago summarizing the state of phishing attacks.
My colleagues and I have also studied phishing extensively and have the most comprehensive peer-reviewed body of work in this area. Our studies include understanding why people fall for phishing attacks (PDF), evaluating how well simulated phishing attacks work (PDF) (the short answer is quite well, based on a study of 500 people), designing and evaluating a micro game teaching people about URLs works (PDF) (empirically tested with several thousand people), and more.
We've also commercialized our work, in terms of a service for simulated phishing attacks, the micro game for anti-phishing, and more.
Also, to anyone saying "people are stupid" or "they deserve to get malware", you really are part of the problem. It's our job to protect people, to reduce complexity, and to ensure the safety of our systems and networks. Arrogantly dismissing others as being inferior or stupid is one reason why computer security, user interfaces, and software in general is in the state it is.
-
Not new, still cool
-
Nothing New HereThis result was already pretty well known.
Jagatic and others saw this in 2007 in their work on social phishing at Indiana University.
We saw the same in our PhishGuru work at Carnegie Mellon, on training people not to fall for phishing scams in 2009.
As an aside, I know many slashdotters don't believe you can train people to protect themselves from phishing. That is the standard conventional wisdom in computer security. However, we've actually demonstrated that you can, if you make it fun, timely, and relevant. We're commercializing some micro games for security training and a service for simulated phishing attacks based on research we did at Carnegie Mellon.
-
Nothing New HereThis result was already pretty well known.
Jagatic and others saw this in 2007 in their work on social phishing at Indiana University.
We saw the same in our PhishGuru work at Carnegie Mellon, on training people not to fall for phishing scams in 2009.
As an aside, I know many slashdotters don't believe you can train people to protect themselves from phishing. That is the standard conventional wisdom in computer security. However, we've actually demonstrated that you can, if you make it fun, timely, and relevant. We're commercializing some micro games for security training and a service for simulated phishing attacks based on research we did at Carnegie Mellon.