Don't be a phish

Steps in user education

Stefan Robila, James W. Ragucci

Research output: Chapter in Book/Report/Conference proceedingConference contributionResearchpeer-review

29 Citations (Scopus)

Abstract

Phishing, e-mails sent out by hackers to lure unsuspecting victims into giving up confidential information, has been the cause of countless security breaches and has experienced in the last year an increase in frequency and diversity. While regular phishing attacks are easily thwarted, designing the attack to include user context information could potentially increase the user's vulnerability. To prevent this, phishing education needs to be considered. In this paper we provide an overview of phishing education, focusing on context aware attacks and introduce a new strategy for educating users by combining phishing IQ tests and class discussions. The technique encompasses displaying both legitimate and fraudulent e-mails to users and having them identify the phishing attempts from the authentic e-mails. Proper implementation of this system helps teach users what to look for in e-mails, and how to protect their confidential information from being caught in the nets of phishers. The strategy was applied in Introduction to Computing courses as part of the computer security component. Class assessment indicates an increased level of awareness and better recognition of attacks.

Original languageEnglish
Title of host publicationITiCSE06 - Proceedings of the 11th Annual SIGCSE Conference on Innovation and Technology in Computer Science Education
Pages237-241
Number of pages5
StatePublished - 29 Sep 2006
EventITiCSE06: 11th Annual SIGCSE Conference on Innovation and Technology in Computer Science Education - Bologna, Italy
Duration: 26 Jun 200628 Jun 2006

Publication series

NameITiCSE06 - Proceedings of the 11th Annual SIGCSE Conference on Innovation and Technology in Computer Science Education
Volume2006

Other

OtherITiCSE06: 11th Annual SIGCSE Conference on Innovation and Technology in Computer Science Education
CountryItaly
CityBologna
Period26/06/0628/06/06

Fingerprint

Education
Security of data

Keywords

  • Computer education
  • Information security
  • Phishing

Cite this

Robila, S., & Ragucci, J. W. (2006). Don't be a phish: Steps in user education. In ITiCSE06 - Proceedings of the 11th Annual SIGCSE Conference on Innovation and Technology in Computer Science Education (pp. 237-241). (ITiCSE06 - Proceedings of the 11th Annual SIGCSE Conference on Innovation and Technology in Computer Science Education; Vol. 2006).
Robila, Stefan ; Ragucci, James W. / Don't be a phish : Steps in user education. ITiCSE06 - Proceedings of the 11th Annual SIGCSE Conference on Innovation and Technology in Computer Science Education. 2006. pp. 237-241 (ITiCSE06 - Proceedings of the 11th Annual SIGCSE Conference on Innovation and Technology in Computer Science Education).
@inproceedings{02d0f8de794c4e81b2c8bf4d1d20607f,
title = "Don't be a phish: Steps in user education",
abstract = "Phishing, e-mails sent out by hackers to lure unsuspecting victims into giving up confidential information, has been the cause of countless security breaches and has experienced in the last year an increase in frequency and diversity. While regular phishing attacks are easily thwarted, designing the attack to include user context information could potentially increase the user's vulnerability. To prevent this, phishing education needs to be considered. In this paper we provide an overview of phishing education, focusing on context aware attacks and introduce a new strategy for educating users by combining phishing IQ tests and class discussions. The technique encompasses displaying both legitimate and fraudulent e-mails to users and having them identify the phishing attempts from the authentic e-mails. Proper implementation of this system helps teach users what to look for in e-mails, and how to protect their confidential information from being caught in the nets of phishers. The strategy was applied in Introduction to Computing courses as part of the computer security component. Class assessment indicates an increased level of awareness and better recognition of attacks.",
keywords = "Computer education, Information security, Phishing",
author = "Stefan Robila and Ragucci, {James W.}",
year = "2006",
month = "9",
day = "29",
language = "English",
isbn = "1595930558",
series = "ITiCSE06 - Proceedings of the 11th Annual SIGCSE Conference on Innovation and Technology in Computer Science Education",
pages = "237--241",
booktitle = "ITiCSE06 - Proceedings of the 11th Annual SIGCSE Conference on Innovation and Technology in Computer Science Education",

}

Robila, S & Ragucci, JW 2006, Don't be a phish: Steps in user education. in ITiCSE06 - Proceedings of the 11th Annual SIGCSE Conference on Innovation and Technology in Computer Science Education. ITiCSE06 - Proceedings of the 11th Annual SIGCSE Conference on Innovation and Technology in Computer Science Education, vol. 2006, pp. 237-241, ITiCSE06: 11th Annual SIGCSE Conference on Innovation and Technology in Computer Science Education, Bologna, Italy, 26/06/06.

Don't be a phish : Steps in user education. / Robila, Stefan; Ragucci, James W.

ITiCSE06 - Proceedings of the 11th Annual SIGCSE Conference on Innovation and Technology in Computer Science Education. 2006. p. 237-241 (ITiCSE06 - Proceedings of the 11th Annual SIGCSE Conference on Innovation and Technology in Computer Science Education; Vol. 2006).

Research output: Chapter in Book/Report/Conference proceedingConference contributionResearchpeer-review

TY - GEN

T1 - Don't be a phish

T2 - Steps in user education

AU - Robila, Stefan

AU - Ragucci, James W.

PY - 2006/9/29

Y1 - 2006/9/29

N2 - Phishing, e-mails sent out by hackers to lure unsuspecting victims into giving up confidential information, has been the cause of countless security breaches and has experienced in the last year an increase in frequency and diversity. While regular phishing attacks are easily thwarted, designing the attack to include user context information could potentially increase the user's vulnerability. To prevent this, phishing education needs to be considered. In this paper we provide an overview of phishing education, focusing on context aware attacks and introduce a new strategy for educating users by combining phishing IQ tests and class discussions. The technique encompasses displaying both legitimate and fraudulent e-mails to users and having them identify the phishing attempts from the authentic e-mails. Proper implementation of this system helps teach users what to look for in e-mails, and how to protect their confidential information from being caught in the nets of phishers. The strategy was applied in Introduction to Computing courses as part of the computer security component. Class assessment indicates an increased level of awareness and better recognition of attacks.

AB - Phishing, e-mails sent out by hackers to lure unsuspecting victims into giving up confidential information, has been the cause of countless security breaches and has experienced in the last year an increase in frequency and diversity. While regular phishing attacks are easily thwarted, designing the attack to include user context information could potentially increase the user's vulnerability. To prevent this, phishing education needs to be considered. In this paper we provide an overview of phishing education, focusing on context aware attacks and introduce a new strategy for educating users by combining phishing IQ tests and class discussions. The technique encompasses displaying both legitimate and fraudulent e-mails to users and having them identify the phishing attempts from the authentic e-mails. Proper implementation of this system helps teach users what to look for in e-mails, and how to protect their confidential information from being caught in the nets of phishers. The strategy was applied in Introduction to Computing courses as part of the computer security component. Class assessment indicates an increased level of awareness and better recognition of attacks.

KW - Computer education

KW - Information security

KW - Phishing

UR - http://www.scopus.com/inward/record.url?scp=33748964605&partnerID=8YFLogxK

M3 - Conference contribution

SN - 1595930558

SN - 9781595930552

T3 - ITiCSE06 - Proceedings of the 11th Annual SIGCSE Conference on Innovation and Technology in Computer Science Education

SP - 237

EP - 241

BT - ITiCSE06 - Proceedings of the 11th Annual SIGCSE Conference on Innovation and Technology in Computer Science Education

ER -

Robila S, Ragucci JW. Don't be a phish: Steps in user education. In ITiCSE06 - Proceedings of the 11th Annual SIGCSE Conference on Innovation and Technology in Computer Science Education. 2006. p. 237-241. (ITiCSE06 - Proceedings of the 11th Annual SIGCSE Conference on Innovation and Technology in Computer Science Education).