Existing Phishing Education Ineffective, Say Researchers

In the past week, security investigators in Pittsburgh differed over the ways of educating Internet users so as to forestall phishing assaults, but unanimously decided that majority of the existing techniques of user instruction are insufficient.

Besides, it's also hard to discover a successful technique due to the variety of people using the Internet, averred Lorrie Faith Cranor, Carnegie Mellon University's associate research professor, informed PC World in its October 10, 2007 edition.

Initial conclusions of the investigation, which were submitted in the beginning of October at the eCrime Researchers Summit by the Anti-Phishing Working Group (APWG) in Pittsburgh hosted by CMU's CyLab, exhibits that phishers are generally fortunate since e-mail users trip over the details that could assist them to identify a scam.

During a survey, three groups of 14 members each got e-mails that contained junk e-mail and phishing strikes in addition to genuine mail. Two groups were given instructive material on ways of avoiding phishing; but just one group got the data subsequent to being duped by phishing messages and posting private data into a fake Internet site. As per the investigators, the group spent nearly double time examining the material of those members who had evaded phishing.

The group having educational info but hadn't experienced phishing were also not able to identify phishing strikes like the third group, without any educational materials, investigators alleged.

After a week, when investigators carried out the exercise, 64% of the phishing strikes transmitted to the group already phished were accurately detected, while the remaining two groups rightly spotted just 7% of the phishing messages.

At the Anti-Phishing Work Group's eCrime Researchers Summit, Lorrie Faith Cranor stated that their experience with user education has ascertained that certain things that maybe successful with a handful consumers don't succeed when e-mailed out to others.

Indiana University's associate professor of informatics, Markus Jakobsson, said that several conventional recommendations given to Internet users about phishing can be deceptive, as phishers with their constantly modifying strategies make that warning outdated, reported by PC World on October 10, 2007.

Nevertheless, the position isn't absolutely grim, and investigators are discovering that a few things do succeed. Instruction that attracts people's general spontaneity effectively makes them less susceptible to phishing, investigators alleged.

Related article: Exhausted By New Features, Users Would Downgrade Security

» SPAMfighter News - 10/31/2007