cacr logo

apwg logo


Phishing is type of electronic fraud that uses social engineering. Phishers pretend to be a trustworthy party (such as a bank) in attempt to steal sensitive information (such as passwords, bank account numbers, or credit card details). A Phishing attack is carried out electronically -- commonly through email or instant messaging, but it can also occur through voice phone calls, text messages, or other electronic communication methods. Once a phisher has collected this sensitive information, it can be used to take money from an account or simply shuffle money back and forth to make it harder to audit where money flows.

Phishing and identity theft are problems faced by millions of people every day. Some people have begun to question how they use the Internet: "Is it safe to use my credit card on the Internet?" ... "Does my bank really want me to change my password?" Others fall victim to these scams without realization.

There are several commercial grade anti-phishing solutions on the market for organizations to protect their employee inboxes. Inbox providers like Office 365 and Google G Suite include anti-phishing solutions in their core offering however a number of customer choose to use a dedicated third party solution. If you're looking to hook up your inbound email with phishing software that provides phishing protection, consider a solution powered by (a leading player in email security services).

At IU, we are attacking the problem head-on, by studying the problem in depth to figure out exactly what makes phishers tick. Electronic fraud affects nearly everyone: students, researchers, banks, everyday people... the list is endless. Depending on who you are, it may affect you differently. If you work for a bank you probably want to protect your clients from harm. If you use online banking, you are probably interested in protecting your investments and family.

To keep up with our work, check out our group in the news, at work or in the press.