
Combat Theft by Thinking Like a Phisher

by Carl Weinschenk, IT Business Edge
Aug 31, 2007 12:00:00 AM


Carl Weinschenk spoke with Markus Jakobsson, associate professor at Indiana University and associate director of the Center for Applied Cyber Security Research. Jakobsson runs experiments designed to gather information to combat phishing.


Weinschenk: Why do you do these studies?
Jakobsson: Many people think we do this to mess with people or prove the obvious, that phishing works. It's not the case. We want to measure what the vulnerabilities are. People are not single-minded. We don't know exactly what they respond to and how. There are different kinds of attacks. Some things are offensive to people and some are effective. We want to understand the human vulnerabilities. We want to know how bad various problems are so that we can compare and quantify them.


Weinschenk: What was the goal of the most recent set of studies?
Jakobsson: The goal of this set of studies was to establish the tendencies and types of vulnerabilities people go for. There are three good reasons for this. One is to develop better countermeasures. Imagine an airplane. All the safety features can be in place, but if the pilot can be tricked into thinking up is down, that plane is going to crash. We need to know what is going to work and what is not, and design things that do work.


Weinschenk: What is the second reason?
Jakobsson: The second reason is to predict trends. If a phisher would try to spoof Bank of America, he would only be able to fool people who have an account at that bank. The chance that a recipient is a customer of that bank is very small. Others would not respond to the message. But the phisher could buy a URL such as www.democratic-party.us and ask for a donation in a phishing e-mail. Half of the population who receive this will say, "This is my party." Not like one out of 100 with Bank of America. One out of two saying "this is from my political party" is good for the phisher. I registered www.democratic-party.us and www.support-gop.org. Both of those are mine. Of course, we are not defrauding anyone. If people go there, it explains what is going on, and there is a phishing cartoon.


Weinschenk: And the third?
Jakobsson: The third reason is as an educational measure, which can be seen at www.securitycartoon.com. If we want to design an educational campaign that teaches people things they don't know but could learn, we have to understand what people understand and what they don't. Some things are difficult for people to understand about Internet security. Maybe we can't teach them everything, but we can teach them what is necessary.

