
You’ve Been Warned - PowerPoint Presentation

faustina-dinatale
Uploaded On 2016-08-10

Presentation Transcript

Slide1

You’ve Been Warned (Phishing Study paper)

6.033 Review Session

May 19, 2014

Slide2

Background

“Phishing is the act of attempting to acquire sensitive information (usernames, passwords, credit card numbers, etc.) by masquerading as a trustworthy entity in electronic communication.” (Wikipedia definition)

The paper, from 2008, studies the effectiveness of 3 different phishing warning messages that had been integrated into web browsers at the time, and interviews users about their thought process.

Slide3

Phishing Warnings Under Study

Slide4

Study

Recruit people from “All over Pittsburgh”.

Tell them we’re doing an “Online Shopping Study” (which the researchers were in fact doing simultaneously).

Put subjects in the lab, ask them to buy a box of paperclips ($6.50 incl. shipping) from Amazon or eBay using their own credit card and email account.

Immediately after purchase is complete, send a simulated spear-phishing email to the subject: “Amazon needs some more information to complete your international shipment; plz click link below and enter your username/password to avoid order getting canceled.”

Slide5

(no warning)

Slide6

Warning Comprehension

vs.

Slide7

Conclusions

97% clicked the links in the emails (before warnings were shown)

With active warning, 79% did not enter username/password in phishing site

With passive warning, only 13% did not enter username/password

Even when interviewed afterwards about the attack, subjects had problems understanding what had happened (e.g. that Amazon or eBay did not in fact send the phishing email)