Phishing is a fraudulent form of email that solicits personal or financial information from the recipient, such as a password, username, or social security or bank account number. The scammer may use the illicitly obtained information to steal the victim’s money or identity or sell the information to another party. The direct costs of phishing on consumers are exceptionally high and have risen substantially over the past 12 years. Phishing experiments that simulate real world conditions can provide (...) cybersecurity experts with valuable knowledge they can use to develop effective countermeasures and prevent people from being duped by phishing emails. Although these experiments contravene widely accepted informed consent requirements and involve deception, we argue that they can be conducted ethically if risks are minimized, confidentiality and privacy are protected, potential participants have an opportunity to opt out of the research before it begins, and human subjects are debriefed after their participation ends. (shrink)

Young people are facing an ever-increasing array of online dangers. One of the most common is receipt of a phishing email. This paper presents new evidence on the characteristics of young people most likely to respond to such emails. I find approximately one-in-seven 15-year-olds are at risk of responding to a phishing email, rising to one-in-five amongst those from disadvantaged socio-economic backgrounds. Such risks are particularly high amongst young people with low levels of cognitive skill. Unfortunately, students who (...) are taught about the dangers posed by phishing emails at school are just as likely to take inappropriate actions following their receipt as their peers who have not. I thus conclude that greater emphasis and higher quality instruction needs to be provided to young people about the online risks they face, particularly to those from disadvantaged socio-economic backgrounds and low academic achievers. (shrink)

This article presents an experimental analysis of several cybersecurity risks affecting the human attack surface of Fairmont State University, a mid-size state university. We consider two social engineering experiments: a phishing email barrage and a targeted spearphishing campaign. In the phishing experiment, a total of 4,769 students, faculty, and staff on campus were targeted by 90,000 phishing emails. Throughout these experiments, we explored the effectiveness of three types of phishing awareness training. Our results show that (...) class='Hi'>phishing emails that make it through IT’s defenses pose a clear and present threat to large educational organizations. Moreover, we found that simple, visual, instructional guides are more effective training tools than long documents or interactive training. (shrink)

Spam electronic mails (emails) refer to harmful and unwanted commercial emails sent to corporate bodies or individuals to cause harm. Even though such mails are often used for advertising services and products, they sometimes contain links to malware or phishing hosting websites through which private information can be stolen. This study shows how the adaptive intelligent learning approach, based on the visual anti-spam model for multi-natural language, can be used to detect abnormal situations effectively. The application of this approach (...) is for spam filtering. With adaptive intelligent learning, high performance is achieved alongside a low false detection rate. There are three main phases through which the approach functions intelligently to ascertain if an email is legitimate based on the knowledge that has been gathered previously during the course of training. The proposed approach includes two models to identify the phishing emails. The first model has proposed to identify the type of the language. New trainable model based on Naive Bayes classifier has also been proposed. The proposed model is trained on three types of languages (Arabic, English and Chinese) and the trained model has used to identify the language type and use the label for the next model. The second model has been built by using two classes (phishing and normal email for each language) as a training data. The second trained model (Naive Bayes classifier) has been applied to identify the phishing emails as a final decision for the proposed approach. The proposed strategy is implemented using the Java environments and JADE agent platform. The testing of the performance of the AIA learning model involved the use of a dataset that is made up of 2,000 emails, and the results proved the efficiency of the model in accurately detecting and filtering a wide range of spam emails. The results of our study suggest that the Naive Bayes classifier performed ideally when tested on a database that has the biggest estimate (having a general accuracy of 98.4%, false positive rate of 0.08%, and false negative rate of 2.90%). This indicates that our Naive Bayes classifier algorithm will work viably on the off chance, connected to a real-world database, which is more common but not the largest. (shrink)

Root kit -- Buffer overflow: the space and time of cyberwar -- Injection attack: writing and the information catastrophe -- Distributed denial of service: cybernetic sovereignty -- Spear phishing: nodal subjects -- Firmware vulnerabilities.

An earlier version of this paper was presented at the 2011 IEEE International Symposium on Technology and Society at Saint Xavier University in Chicago, Illinois. The focus of this paper is to present observations related to information assurance in rural and urban populations. Based on our experience teaching college students in these environments, we have noted that on entering school, generally, individuals demonstrate limited background knowledge of a variety of computer related technologies. Students begin with a technical disadvantage that represents (...) a readily exploitable attack vector for identity thieves. Because of the experience deficit, the hazard of identity theft is significant with possible severe detrimental outcomes for the student victim. In addition, the negative impact on the society as a whole is substantial. Methods that reach beyond traditional formal computer or network security instruction in the classroom and extend information assurance education across disciplines are needed. We have explored this direction at the university and have worked on strategies to educate students about identity theft. The interdisciplinary programs outlined here span the curriculum. In addition, we suggest community outreach programs that extend the scope of influence of information assurance education beyond the university to include surrounding at risk populations. (shrink)