
cylab NEWS

CyLab's Cranor Publishes in Scientific American: "How to Foil Phishing Scams"

posted by Richard Power

Carnegie Mellon CyLab's Lorrie Faith Cranor, Associate Professor of Computer Science, Engineering and Public Policy, and Director of CyLab's Usable Privacy and Security Laboratory, has published a feature article in the December 2008 issue of Scientific American entitled "How to Foil 'Phishing' Scams." The article describes the phishing problem and reports on the work of several CyLab faculty and students who are developing anti-phishing tools as part of CyLab's Supporting Trust Decisions Project.

Here are a few brief excerpts followed by a link to the full text:

Since phishing plays on human vulnerabilities -- a successful attack requires a victim to succumb to the lure and take some action -- it is also not strictly a technological problem. For that reason, my research group at Carnegie Mellon University is studying the best ways to teach people to recognize and avoid phishing scams. This research, in turn, is informing our designs of anti-phishing software so people are more likely to use it correctly.

Although we have shown that we can teach people to protect themselves from phishers, even those educated users must remain vigilant and may require periodic retraining to keep up with phishers' evolving tactics.

Because phishers are such determined criminals, individual computer users cannot be expected to defend themselves alone. Our group also develops automatic filters that can identify likely phishing attacks. But in this work, too, we have found that human responses can be critical to a filter's success.

By constantly improving phishing detection software and educating users about new types of phishing attacks as they are discovered, the number of phishing victims can be reduced. Coordinating international law-enforcement efforts and finding ways to make phishing less lucrative will also help. Still, phishing remains an arms race that will be hard to eliminate completely without stopping it at the source, so consumers need every form of protection they can get.

Lorrie Faith Cranor, "How to Foil 'Phishing' Scams," Scientific American, December 2008