Don't be a phish: Steps in user education

Stefan Robila, James W. Ragucci

Research output: Chapter in Book/Report/Conference proceedingConference contribution

31 Scopus citations

Abstract

Phishing, e-mails sent out by hackers to lure unsuspecting victims into giving up confidential information, has been the cause of countless security breaches and has experienced in the last year an increase in frequency and diversity. While regular phishing attacks are easily thwarted, designing the attack to include user context information could potentially increase the user's vulnerability. To prevent this, phishing education needs to be considered. In this paper we provide an overview of phishing education, focusing on context aware attacks and introduce a new strategy for educating users by combining phishing IQ tests and class discussions. The technique encompasses displaying both legitimate and fraudulent e-mails to users and having them identify the phishing attempts from the authentic e-mails. Proper implementation of this system helps teach users what to look for in e-mails, and how to protect their confidential information from being caught in the nets of phishers. The strategy was applied in Introduction to Computing courses as part of the computer security component. Class assessment indicates an increased level of awareness and better recognition of attacks.

Original languageEnglish
Title of host publicationITiCSE06 - Proceedings of the 11th Annual SIGCSE Conference on Innovation and Technology in Computer Science Education
Pages237-241
Number of pages5
DOIs
Publication statusPublished - 29 Sep 2006
EventITiCSE06: 11th Annual SIGCSE Conference on Innovation and Technology in Computer Science Education - Bologna, Italy
Duration: 26 Jun 200628 Jun 2006

Publication series

NameITiCSE06 - Proceedings of the 11th Annual SIGCSE Conference on Innovation and Technology in Computer Science Education
Volume2006

Other

OtherITiCSE06: 11th Annual SIGCSE Conference on Innovation and Technology in Computer Science Education
CountryItaly
CityBologna
Period26/06/0628/06/06

    Fingerprint

Keywords

  • Computer education
  • Education
  • Information security
  • Phishing

Cite this

Robila, S., & Ragucci, J. W. (2006). Don't be a phish: Steps in user education. In ITiCSE06 - Proceedings of the 11th Annual SIGCSE Conference on Innovation and Technology in Computer Science Education (pp. 237-241). (ITiCSE06 - Proceedings of the 11th Annual SIGCSE Conference on Innovation and Technology in Computer Science Education; Vol. 2006). https://doi.org/10.1145/1140124.1140187