Virus Bulletin Conference Papers (5)

Virus Bulletin 2007

David Harley and Andrew Lee: Phish Phodder: is User Education Helping or Hindering?; Virus Bulletin Conference Proceedings, 2007. Copyright is held by Virus Bulletin Ltd, but is made available on this site for personal use free of charge by permission of Virus Bulletin

(Also available as previously on the ESET site, also by permission of Virus Bulletin.)

ABSTRACT
Mostly, security professionals can spot a phish a mile off. If they do err, it’s usually on the side of caution, for instance when real organizations fail to observe best practice and generate phish-like marketing messages. Many sites are now addressing the problem with phishing quizzes, intended to teach the everyday user to distinguish phish from phowl (sorry). Academic papers on why people fall for phishing mails and sites are something of a growth industry. Yet phishing attacks continue to increase, and while accurate and up-to-date figures for financial loss are hard to come by, indications are that losses from phishing and other forms of identity theft continue to climb.

This paper:
1. Evaluates current research on how end users are susceptible to phishing attacks and ID theft.
2. Evaluates a range of web-based educational and informational resources in general and summarizes the pros and cons of the quiz approach in particular.
3. Reviews the shared responsibility of phished institutions and phishing mail targets for reducing the impact of phishing scams. What constitutes best practice for finance-related mail-outs and e-commerce transactions? How far can we rely on detection technology?

David Harley CITP FBCS CISSP
Small Blue-Green World/ChainMailCheck
ESET Senior Research Fellow

About David Harley

Former Computer Security Author/Editor; Independent Antimalware Researcher/Author; guitarist/singer/songwriter
This entry was posted in ChainMailCheck, conference papers, David Harley, ESET, VB Conference Papers, Virus Bulletin and tagged . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.