Phishers caught hook, line and sinker

 

Gallery

By Stuart Turton

Posted on 26 Sep 2007 at 16:14

Computer scientists at Carnegie Mellon University have created an online game designed to teach web users how to recognise and avoid phishing attacks.

The game features a fish called Phil which the player must guide to the good worms while avoiding the bad worms, which are identified by their legitimate and fake URL addresses. There are four rounds in the game, each one harder than the previous and focusing on a different type of deceptive URL.

Group tests conducted by the university's Usable Privacy and Security (Cups) lab reveals that people who spend 15 minutes playing the game are better able to identify fraudulent websites than people who spend the same amount of time reading anti-phishing tutorials online.

"We developed this as part of our larger anti-phishing research efforts," Cups Lab director Lorrie Cranor tells PC Pro.

"We have found that anti-phishing education can be effective if you can get people to pay attention to it, but it is difficult to get them to pay attention. We thought that by presenting the materials as a game people would be more interested and engaged."

"We are also working with the US Airforce to deploy it as part of their cyber safety training programme for Airmen. We are also in conversations with a number of large companies about incorporating this game into their employee training programs."