Don't be a phish

Steps in user education

Stefan Robila, James W. Ragucci

Research output: Chapter in Book/Report/Conference proceeding > Conference contribution > Research > peer-review

15 Citations (Scopus)

Abstract

Phishing, e-mails sent out by hackers to lure unsuspecting victims into giving up confidential information, has been the cause of countless security breaches and has experienced in the last year an increase in frequency and diversity. While regular phishing attacks are easily thwarted, designing the attack to include user context information could potentially increase the user's vulnerability. To prevent this, phishing education needs to be considered. In this paper we provide an overview of phishing education, focusing on context-aware attacks, and introduce a new strategy for educating users by combining phishing IQ tests and class discussions. The technique encompasses displaying both legitimate and fraudulent e-mails to users and having them identify the phishing attempts from the authentic e-mails. Proper implementation of this system helps teach users what to look for in e-mails, and how to protect their confidential information from being caught in the nets of phishers. The strategy was applied in Introduction to Computing courses as part of the computer security component. Class assessment indicates an increased level of awareness and better recognition of attacks.

Original language: English
Title of host publication: Working Group Reports on ITiCSE on Innovation and Technology in Computer Science Education 2006
Pages: 237-241
Number of pages: 5
DOIs: https://doi.org/10.1145/1140124.1140187
State: Published - 1 Dec 2006
Event: 11th Annual Joint Conference Integrating Technology into Computer Science Education 2006 - Bologna, Italy
Duration: 26 Jun 2006 to 28 Jun 2006

Publication series

Name: Working Group Reports on ITiCSE on Innovation and Technology in Computer Science Education 2006

Other

Other: 11th Annual Joint Conference Integrating Technology into Computer Science Education 2006
Country: Italy
City: Bologna
Period: 26/06/06 to 28/06/06

Keywords

  • Computer education
  • Education
  • Information security
  • Phishing

Cite this

Robila, S., & Ragucci, J. W. (2006). Don't be a phish: Steps in user education. In Working Group Reports on ITiCSE on Innovation and Technology in Computer Science Education 2006 (pp. 237-241). (Working Group Reports on ITiCSE on Innovation and Technology in Computer Science Education 2006). https://doi.org/10.1145/1140124.1140187
@inproceedings{17fa8e76661844dcba43dc5835adf15c,
title = "Don't be a phish: Steps in user education",
keywords = "Computer education, Education, Information security, Phishing",
author = "Stefan Robila and Ragucci, {James W.}",
year = "2006",
month = "12",
day = "1",
doi = "10.1145/1140124.1140187",
language = "English",
isbn = "1595936033",
series = "Working Group Reports on ITiCSE on Innovation and Technology in Computer Science Education 2006",
pages = "237--241",
booktitle = "Working Group Reports on ITiCSE on Innovation and Technology in Computer Science Education 2006",

}

TY - GEN

T1 - Don't be a phish

T2 - Steps in user education

AU - Robila, Stefan

AU - Ragucci, James W.

PY - 2006/12/1

Y1 - 2006/12/1

KW - Computer education

KW - Education

KW - Information security

KW - Phishing

UR - http://www.scopus.com/inward/record.url?scp=34548331875&partnerID=8YFLogxK

U2 - 10.1145/1140124.1140187

DO - 10.1145/1140124.1140187

M3 - Conference contribution

SN - 1595936033

SN - 9781595936035

T3 - Working Group Reports on ITiCSE on Innovation and Technology in Computer Science Education 2006

SP - 237

EP - 241

BT - Working Group Reports on ITiCSE on Innovation and Technology in Computer Science Education 2006

ER -
