Phishing Projects

While good user education can hardly secure a system, we believe that poor user education can put it at serious risk. The current problem of online fraud is exasperated by the fact that most users make security decisions, such as whether to install a given piece of software or not, based on a very rudimentary understanding of risk. We have developed a cartoon approach aimed at teaching Internet security to typical computer users. We believe that our approach has benefits compared to currently practiced educational efforts with the same general goals, based on our four design criteria: (1) A research driven content selection, according to which we select educational messages based on user studies; (2) accessibility of the material, to reach and maintain a large readership; (3) user immersion in the material, based on repetitions on a theme; and (4) adaptability to a changing threat.

The fundamental purpose of this study was to study the effects of more advanced techniques in phishing using context. Receiving a message from a friend (or corroborated by friends), we hypothesized the credibility of the phishing attempt would be greater.

One can use a simple technique used to examine the web browser history of an unsuspecting web site visitor using Cascading Style Sheets. Phishers typically send massive amounts of bulk email hoping their lure will be successful. Given greater context, such lures can be more effectively tailored---perhaps even in a context aware phishing attack.

People are drawn in by websites containing fun content or something humorous, and they generally want to share it with their friends. This is considered social transmission: referral to a location based on reccommendation of peers. We measured possible malware spread using social transmission.

It is easy to "doctor" a wireless router like the ones found at home or at a local WiFi hotspot to misdirect legitimate browser links to phoney and often harmful websites.

Individuals are socialized to trust, and trust is a necessary enabler of e-commerce. The human element is the core of confidence scams, so any solution must have this element at its core.
Scammers, such as phishers and purveyors of 419 fraud, are abusing trust on the Internet. All solutions to date, such as centralized trust authorities, have failed. Net Trust is the solution -- trust technologies grounded in human behavior.

Could your browser release your personal information without your knowledge?

Exploiting comparison shopping engines to bait victims.