Slashdot Mirror

← Back to Stories (view on slashdot.org)

Phishing for Credit

Posted by Zonk on from the both-academic-and-financial dept.

An anonymous reader writes "Two graduate students at Indiana University conducted a phishing study to determine how readily students will give up personal information if the phishing emails appear to come from close friends. Using only publicly available information, they sent out emails to students asking them to click a link that required username/password information. Needless to say, the study has generated lots of attention on campus. The student newspaper has the story and the researchers have created a blog where the participants can vent."

3 of 218 comments (clear)

  1. forged headers by doormat · · Score: 5, Informative

    "I was frustrated that I was hearing from a friend that my e-mail account was sending her things,"

    Spam can come from anyone - its not too hard to forge the "FROM" line on an email. I'd hardly call it abuse of your account when spammers do it all the time.

    --
    The Doormat

    If you're not outraged, then you're not paying attention.
  2. RTFA.... by YankeeInExile · · Score: 5, Informative

    ... to find that they did this experiment under the oversight of the university's Human Subjects Committee.

    If that doesn't sound like some sort of ethical guidelines I don't know what does.

    --
    How does the Slashdot Effect happen given that no slashdotters ever RTFA?
  3. Re:The More Attention This Gets, The Better by pclminion · · Score: 4, Informative
    I think it's pretty clear to everyone that these students didn't follow proper procedure for research studies. When I did human experimental research, I had to have my research proposal approved by the Institutional Review Board at my college.

    That's precisely what they did. The whole thing was authorized from top to bottom. They even got the okay from campus IT to "abuse" the computer systems for their purposes. Try RTFA sometime.