Ryan Wright - University of San Francisco

Ryan Wright

on 17 April 2013

Transcript of Phishing

Agenda
What is Phishing
Theoretical Perspective
Practical Implications
Future Research

Phishing is...
"the practice of directing users to fraudulent websites to obtain sensitive information" (Dhamija et al., 2006)
Credit Card Number
Social Security Numbers
etc.

Motivation
1 in 509 email messages are phishing
US ~$929,000,000 in losses
Average phishing site is alive for 5 days

Past Phishing Research
Jagatic et al., 2005
Liu et al., 2006
Dhamija et al., 2006
Wu et al., 2006
Wright et al. 2008
Wright & Marett, 2010
Wright et al., 2012
Wright et al., 2012

Past Phishing Research

Wu et al., 2006
Impact of anti-phishing toolbars
Only prevented 35% of users from being tricked

Liu et al., 2006
Visual Characteristics
Style page content
Results: even computer algorithms had a hard time telling the difference

Dhamija et al., 2006
HCI Properties
Good site fooled 90%
No significant difference between:
Computer Use
Knowledge of phishing

Wright et al. 5 Studies

Wright & Marett (2010)
300 plus subjects
Behavioral Profiles of the Deceived

Wright, Marett, Chakraborty and Basoglu, 2010
400 plus subjects and 30 plus interviews
Behavior Profiles of Detected Deception

Wright et al. 2012
Persuasion

Wright et al. 2013
Training for deception

[Timeline: 2005, 2006, 2012, 2013]

Theory of Deception

Demographics
N = 1224
Subjects: large mid-western university
Average 21 Years Old
52% Male

Treatments
DV = Binary (Answered with code or not)
Mimic = (Real EDU, spoofed EDU, Mail.com)
Low (Baseline)
Name Dropping
Call to Action

Logistic Regression
Omnibus Model: χ² = 49.28, p < .000
R-Squared of .263

Limitations
Student Subjects

Phishing event led to priming

We targeted information we knew they had

Lacked generalizability but gained in precision
(Dennis & Valacich 1999; McGrath 1989)

Implications
Training/Education
Corporate Policies
Consumer Awareness
Personal Decisions
Algorithm(s) for Detection

Future Research
1 - Explore the Factors Individually

2 - Test against other heterogeneous samples

3 - Timing
When to Phish
Response Time

Qualitative Findings

Here is my SSC "XXXXXX". I hope that the database will get fixed very soon. Best of luck to you on fixing the database.

My Network ID is XXXXX, my password is XXXX, My Student Number is XXXXX, my super secure Code is XXXXX, my home number is XXXXX

Hi, this is Andrew XXX (ID#XXX). My super secure password to log onto TAIT is XXX. Again that is XXX. I'm unsure of my SSC but I think my mom knows it. Her email address is XXXXX and her cell number is XXX.

Deceptive Communication:
The Case of Phishing
Ryan Wright

Source: antiphishing.org / Microsoft research

Jagatic et al., 2005
Social networking and phishing scams
72% of users responded to messages from the address of a known user

36 Hours - Responses
4 Days - Responses