Menu
Can you spot a phish?

Can you spot a phish?

Scientists at Carnegie Mellon University have developed an online game designed to teach Internet users about the dangers of phishing.

Featuring a cartoon fish named Phil, the game, called Anti-Phishing Phil, has been tested in CMU's Privacy and Security Laboratory. Officials with the lab say users who spent 15 minutes playing the interactive, online game were better able to discern fraudulent web sites than those who simply read tutorials about the threat.

The game focuses on teaching internet users how to tell the URL of a fraudulent site from a legitimate one, officials say. It offers tips such as examining URLs for misspellings of popular sites, dissecting a Web address to understand where it's pointing to, and using Google to validate a URL against search results.

The lab has now decided to open up the game for broader testing. Visitors to the site who click on "play the game" are given a short quiz, play the game, and then take another quiz, officials say. Visitors who submit their email addresses and take a follow-up quiz the next week are entered in a raffle to win a US$100 Amazon.com gift card.

The game was developed to help raise awareness about phishing attacks, in which spam emails that appear to come from a legitimate bank or retail organisation try to lure the recipient into entering personal or financial information into a fraudulent Web site, where it can be stolen and used in identity theft.

More than viruses and other malware, users run the risk of falling prey to a phishing attack because these scams rely on social engineering and can't be protected against by technology, professors at the lab say.

While security experts argue the effectiveness in educating users to be aware of phishing scams, the Ph.D. student who developed Anti-Phishing Phil, Steve Sheng, this summer presented results of a study showing that training improved Internet users' ability to tell a legitimate web site from a fraudulent one. According to Sheng's research, users in the study improved their accuracy in spotting fake sites from 69 percent before playing the game to 87 percent after.

This project is part of a larger CMU antiphishing research initiative funded by the National Science Foundation and the Army Research Office.

GO TO:

2007 to 2027: The shapes of things to come in IT

What won't change. what might change, what will change


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags carnegie mellon

Featured

Slideshows

EDGE 2018: Kiwis kick back with Super Rugby before NZ session

EDGE 2018: Kiwis kick back with Super Rugby before NZ session

New Zealanders kick-started EDGE 2018 with a bout of Super Rugby before a dedicated New Zealand session, in front of more than 50 partners, vendors and distributors on Hamilton Island.‚Äč

EDGE 2018: Kiwis kick back with Super Rugby before NZ session
EDGE 2018: Kiwis assess key customer priorities through NZ research

EDGE 2018: Kiwis assess key customer priorities through NZ research

EDGE 2018 kicked off with a dedicated New Zealand track, highlighting the key customer priorities across the local market, in association with Dell EMC. Delivered through EDGE Research - leveraging Kiwi data through Tech Research Asia - more than 50 partners, vendors and distributors combined during an interactive session to assess the changing spending patterns of the end-user and the subsequent impact to the channel.

EDGE 2018: Kiwis assess key customer priorities through NZ research
Show Comments