I discuss a range of human factors issues for cybersecurity, in particular cybersecurity awareness and education. Topics include mental models, user interfaces, and simulated attacks.
Digital Technology - Where is the learning?
Keynote presentation at the SCSSA Conference "Information and Communications Technology in the Classroom: Making a Difference to Pupil Learning", Thursday 13 November 2014, The John McIntyre Conference Centre, Edinburgh
Presentation discusses the key reasons for considering mobile learning as a part of your training mix. Also covers ways to get started with mLearning quickly.
Beaming better connected schools e-book (Rachael White)
This report provides guidance from teachers and EdTech experts into how technology, superfast internet and new approaches to connected learning can be applied to boost student engagement and attainment.
SWGfL ICT Conference 7th July 2011. Session 3h 'Engaging parents in learning through ICT: the good, the bad and the ugly.' Hosted by Iain Williams, Deputy Headteacher, Bradley Stoke Community School
Moreton Bay College is a P-12 Girls’ School on the eastern outskirts of Brisbane. Three years ago the decision was taken at executive level that filtering was not the solution to our students’ cybersafety. In fact, stringent filtering was proving counterproductive, as many new and potentially useful Web 2.0 sites were being blocked. The proliferation of 3G devices and the constant battle against proxy bypass sites also meant that filtering as a solution was doomed to failure. This presentation will look at the steps the school has taken to foster a climate of digital citizenship with its students in preparation for the school’s 1-to-1 implementation that began this year.
The New Information Ecosystem in Education (Darwin Gosal)
Though the paperless university is still a distant ideal, IT heads from educational institutions across Singapore recently convened for a discussion on what they are doing to better organise the massive amounts of data and variety of documents produced and shared across their campuses.
This Enterprise Innovation Special Report on Education IT captures dialogue of the discussion and provides valuable insight into the key questions and challenges facing the modernization of education, including: What technology will most impact the education industry? How are classrooms being modernized? How do you share information between institutions? And how can document management, printing and digital archiving solutions be deployed across multiple campuses to improve efficiency?
This presentation provides an overview of how the Point2Protect service can help UK schools keep children safe while using a wide range of tablets and smartphones, both in school and at home.
Modeling People’s Place Naming Preferences in Location Sharing, at Ubicomp 2010 (Jason Hong)
Most location sharing applications display people's locations on a map. However, people use a rich variety of terms to refer to their locations, such as "home," "Starbucks," or "the bus stop near my house." Our long-term goal is to create a system that can automatically generate appropriate place names based on real-time context and user preferences. As a first step, we analyze data from a two-week study involving 26 participants in two different cities, focusing on how people refer to places in location sharing. We derive a taxonomy of different place naming methods, and show that factors such as a person's perceived familiarity with a place and the entropy of that place (i.e. the variety of people who visit it) strongly influence the way people refer to it when interacting with others. We also present a machine learning model for predicting how people name places. Using our data, this model is able to predict the place naming method people choose with an average accuracy higher than 85%.
Authors are Jialiu Lin, Guang Xiang, Jason Hong, and Norman Sadeh
Protecting Organizations from Phishing Scams, RSA Webinar, Sep 2010 (Jason Hong)
A webinar I gave in September 2010 about protecting organizations from phishing scams. This talk is based on our research at Carnegie Mellon University.
Analyzing the Privacy of Smartphone Apps, CMU CyLab Talk, April 2013 (Jason Hong)
This is a talk I gave in April 2013 at Carnegie Mellon University's CyLab weekly seminar. It describes some of our team's latest work on combining crowdsourcing with static and dynamic analysis to understand the privacy and security behaviors of smartphone apps.
Rethinking Location Sharing: Exploring the Implications of Social-Driven vs. ... (Jason Hong)
The popularity of micro-blogging has made general-purpose information sharing a pervasive phenomenon. This trend is now impacting location sharing applications (LSAs) such that users are sharing their location data with a much wider and more diverse audience. In this paper, we describe this as social-driven sharing, distinguishing it from past examples of what we refer to as purpose-driven location sharing. We explore the differences between these two types of sharing by conducting a comparative two-week study with nine participants. We found significant differences in terms of users' decisions about what location information to share, their privacy concerns, and how privacy-preserving their disclosures were. Based on these results, we provide design implications for future LSAs.
Authors are Karen Tang, Jialiu Lin, Jason Hong, and Norman Sadeh
Applying the Wisdom of Crowds to Usable Privacy and Security, CMU Crowdsourci... (Jason Hong)
A summary of my group's work in using crowdsourcing techniques and wisdom of crowds to improve privacy and security. I talked about some techniques to improve crowdsourcing for anti-phishing, some ways of using lots of location data to infer location privacy preferences, and some of our early work on using crowdsourcing to understand privacy preferences regarding smartphone apps.
OTO: Online Trust Oracle for User-Centric Trust Establishment, at CCS 2012 (Jason Hong)
Malware continues to thrive on the Internet. Besides automated mechanisms for detecting malware, we provide users with trust evidence information to enable them to make informed trust decisions. To scope the problem, we study the challenge of assisting users with judging the trustworthiness of software downloaded from the Internet. Through expert elicitation, we deduce indicators for trust evidence, then analyze these indicators with respect to scalability and robustness. We design OTO, a system for communicating these trust evidence indicators to users, and we demonstrate through a user study the effectiveness of OTO, even with respect to IE’s SmartScreen Filter (SSF). The results from the between-subjects experiment with 58 participants confirm that the OTO interface helps people make correct trust decisions compared to the SSF interface regardless of their security knowledge, education level, occupation, age, or gender.
Authors are Tiffany Hyun-Jin Kim, Payas Gupta, Jun Han, Emmanuel Owusu, Jason Hong, Adrian Perrig, and Debin Gao
Why People Hate Your App: Making Sense of User Feedback in a Mobile App Stor... (Jason Hong)
User review is a crucial component of open mobile app markets such as the Google Play Store. How do we automatically summarize millions of user reviews and make sense out of them? Unfortunately, beyond simple summaries such as histograms of user ratings, there are few analytic tools that can provide insights into user reviews. In this paper, we propose WisCom, a system that can analyze tens of millions of user ratings and comments in mobile app markets at three different levels of detail. Our system is able to (a) discover inconsistencies in reviews; (b) identify reasons why users like or dislike a given app, and provide an interactive, zoomable view of how users' reviews evolve over time; and (c) provide valuable insights into the entire app market, identifying users' major concerns and preferences for different types of apps. Results using our techniques are reported on a 32GB dataset consisting of over 13 million user reviews of 171,493 Android apps in the Google Play Store. We discuss how the techniques presented herein can be deployed to help a mobile app market operator such as Google as well as individual app developers and end-users.
Authors are Bin Fu, Jialiu Lin, Lei Li, Jason Hong, Christos Faloutsos, and Norman Sadeh
Anti-Phishing Phil: The Design and Evaluation of a Game That Teaches People N... (Jason Hong)
Slides from 2007 on the design and evaluation of Anti-Phishing Phil, a game that teaches people how to avoid phishing attacks.
In this paper we describe the design and evaluation of Anti-Phishing Phil, an online game that teaches users good habits to help them avoid phishing attacks. We used learning science principles to design and iteratively refine the game. We evaluated the game through a user study: participants were tested on their ability to identify fraudulent web sites before and after spending 15 minutes engaged in one of three anti-phishing training activities (playing the game, reading an anti-phishing tutorial we created based on the game, or reading existing online training materials). We found that the participants who played the game were better able to identify fraudulent web sites compared to the participants in other conditions. We attribute these effects to both the content of the training messages presented in the game as well as the presentation of these materials in an interactive game format. Our results confirm that games can be an effective way of educating people about phishing and other security attacks.
Authors are Steve Sheng, Bryant Magnien, Ponnurangam Kumaraguru, Alessandro Acquisti, Lorrie Cranor, Jason Hong, and Elizabeth Nunge
Exploring Capturable Everyday Memory for Autobiographical Authentication, at ... (Jason Hong)
We explore how well the intersection between our own everyday memories and those captured by our smartphones can be used for what we call autobiographical authentication—a challenge-response authentication system that queries users about day-to-day experiences. Through three studies—two on MTurk and one field study—we found that users are good, but make systematic errors at answering autobiographical questions. Using Bayesian modeling to account for these systematic response errors, we derived a formula for computing a confidence rating that the attempting authenticator is the user from a sequence of question-answer responses. We tested our formula against five simulated adversaries based on plausible real-life counterparts. Our simulations indicate that our model of autobiographical authentication generally performs well in assigning high confidence estimates to the user and low confidence estimates to impersonating adversaries.
Siren: Context-aware Computing for Firefighting, at Pervasive 2004 (Jason Hong)
Based on an extensive field study of current firefighting practices, we have developed a system called Siren to support tacit communication between firefighters with multiple levels of redundancy in both communication and user alerts. Siren provides a foundation for gathering, integrating, and distributing contextual data, such as location and temperature. It also simplifies the development of firefighting applications using a peer-to-peer network of embedded devices through a uniform programming interface based on the information space abstraction. As a proof of concept, we have developed a prototype context-aware messaging application in the firefighting domain. We have evaluated this application with firefighters and they have found it to be useful for improving many aspects of their current work practices.
Informal PUIs: No Recognition Required, at AAAI 2002 workshop (Jason Hong)
The limitations of graphical user interfaces have slowed the spread of computer usage to the entire population. Perceptual user interfaces are one approach that can overcome many of these limitations. Adding perceptual capabilities, such as speech, sketching, and vision, is the key to making interfaces more effective. We argue that informal user interfaces, which do little or no up-front recognition of the perceptual input, have important applications and should not be forgotten by perceptual user interface researchers.
Leveraging Human Factors for Effective Security Training, for ISSA 2013 CISO ... (Jason Hong)
Talk I gave at ISSA 2013 CISO forum, looking at some human factors issues in cybersecurity. I discuss some of our research in anti-phishing, user interfaces, mental models of cybersecurity, and ways of motivating people.
Usable Privacy and Security: A Grand Challenge for HCI, Human Computer Inter... (Jason Hong)
In this position paper, we argue that usable privacy and security is a grand challenge that needs more attention from the HCI community. We also discuss benefits to and new challenges for HCI, and use our research experiences to provide a critique of HCI.
How We Will Fail in Privacy and Ethics for the Emerging Internet of Things (Jason Hong)
Talk, Feb 2019, at UCSD's Halıcıoğlu Data Science Institute, Security and Privacy at the Edge: Challenges and Future Directions
In the near future, our smart devices will know almost everything about us. These devices, combined with AI technologies, will offer many opportunities to vastly improve society in positive ways. However, these same technologies also pose dramatic new challenges for privacy and for ethics. In this talk, I'll sketch out why privacy is so hard to tackle, how and why we have failed in privacy and ethics in web and smartphones, and discuss some possible social, legal, and technical approaches for steering IoT in more positive directions.
http://datascience.ucsd.edu/security-and-privacy-symposium/venue.html
Are my Devices Spying on Me? Living in a World of Ubiquitous Computing (Jason Hong)
Talk, Feb 2019, at Lakehead University for Rise of the Machines
In the near future, our smart devices will know almost everything about us. These devices offer the opportunity to vastly improve our healthcare, urban planning, safety, and more. However, these same devices also pose dramatic new challenges for privacy and for ethics. In this talk, I'll discuss how these smart devices work, what they can learn about us, and what we need to make sure that the benefits of these technologies vastly outweigh the costs.
https://www.lakeheadu.ca/about/news-and-events/news/archive/2019/node/50549
Slides used in workshop session A on "" at the IWMW 2007 event held at the University of York on 16-18 July 2007.
See http://www.ukoln.ac.uk/web-focus/events/workshops/webmaster-2007/sessions/tonkin/
Philly ETE 2016: Securing Software by Construction (jxyz)
The high-profile attacks and data-breaches of the last few years have shown us the importance of securing our software. While it is good that we are seeing more tools that can analyze systems for vulnerabilities, this does not help the programmer write secure code in the first place. To prevent security from becoming a bottleneck–and expensive security mistakes from becoming increasingly probable–we need to look to techniques that allow us to secure software by construction.
This talk has two parts. First, I will present technical ideas from research, including my own, that help secure software by construction. Even though these are reasonable ideas, however, the gap between academia and industry often prevents them from being realized in practice. Second, I will discuss what prevents longer-term security solutions from being commercialized, how we started the Cybersecurity Factory accelerator to bridge the research/industry gap, and how we can work together to address the issues that remain.
http://2016.phillyemergingtech.com/session/securing-software-by-construction/
This is a North Central University PowerPoint presentation (EDR 8204-3). It is written in APA format, has been graded by an instructor(A), and includes references. Most education communities submit assignments to turnitin, so remember to paraphrase.
Social Cybersecurity, or, A Computer Scientist's View of HCI and Theory, at ... (Jason Hong)
June 2015
This talk looks at our team's ongoing work in using social psychology and diffusion of innovations to improve cybersecurity. It also reflects on the role of theory, in terms of offering inspiration for new ideas, a useful vocabulary, guidance for what to build and how to build things better, as well as insight into the problem space. This talk also offers some advice for people building theories, adapting Pasteur's quadrant and Diffusion of Innovations to theory, to help people who build and design systems.
Harnessing UEBA and Machine Learning technologies to protect enterprises from... (ZoneFox)
Cybersecurity trends come and go, but machine learning looks to be here to stay. According to a recent survey, 43% of data breaches in recent years were caused by employees, contractors or suppliers, either negligently or maliciously. How can we harness UEBA and machine learning technologies to protect against the insider threat?
Otago Polytechnic BIT Project Dragons' Den
Explanation and videos: https://project.ict.op.ac.nz/index.php?title=February_start_2014_communications/Dragons%27_Den_Semester_1_2014
A CAUDIT webinar investigating the findings of the ACODE sector scan on online proctoring tools being used in Australasia for online exams. It looks at the issues, risks and affordances.
Similar to Leveraging Human Factors for Effective Security Training, at FISSEA Mar2012
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor... (Neo4j)
Leonard Jayamohan, Partner & Generative AI Lead, Deloitte
This keynote will reveal how Deloitte leverages Neo4j’s graph power for groundbreaking digital twin solutions, achieving a staggering 100x performance boost. Discover the essential role knowledge graphs play in successful generative AI implementations. Plus, get an exclusive look at an innovative Neo4j + Generative AI solution Deloitte is developing in-house.
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ... (James Anderson)
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
DevOps and Testing slides at DASA Connect (Kari Kakkonen)
Rik Marselis' and my slides from the DASA Connect conference on 30.5.2024. We discuss what testing is, then what agile testing is, and finally what Testing in DevOps is. Finally we had a lovely workshop with the participants, trying to find different ways to think about quality and testing in different parts of the DevOps infinity loop.
Climate Impact of Software Testing at Nordic Testing Days (Kari Kakkonen)
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing is discussed in the talk. ICT and testing must carry their part of the global responsibility to help with climate warming. We can minimize the carbon footprint, but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be extended with sustainability, and then measured continuously. Test environments can be used less, at smaller scale and on demand. Test techniques can be used to optimize or minimize the number of tests. Test automation can be used to speed up testing.
GridMate - End to end testing is a critical piece to ensure quality and avoid... (ThomasParaiso2)
End to end testing is a critical piece to ensure quality and avoid regressions. In this session, we share our journey building an E2E testing pipeline for GridMate components (LWC and Aura) using Cypress, JSForce, FakerJS…
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0! (SOFTTECHHUB)
As the digital landscape continually evolves, operating systems play a critical role in shaping user experiences and productivity. The launch of Nitrux Linux 3.5.0 marks a significant milestone, offering a robust alternative to traditional systems such as Windows 11. This article delves into the essence of Nitrux Linux 3.5.0, exploring its unique features, advantages, and how it stands as a compelling choice for both casual users and tech enthusiasts.
In the rapidly evolving landscape of technologies, XML continues to play a vital role in structuring, storing, and transporting data across diverse systems. The recent advancements in artificial intelligence (AI) present new methodologies for enhancing XML development workflows, introducing efficiency, automation, and intelligent capabilities. This presentation will outline the scope and perspective of utilizing AI in XML development. The potential benefits and the possible pitfalls will be highlighted, providing a balanced view of the subject.
We will explore the capabilities of AI in understanding XML markup languages and autonomously creating structured XML content. Additionally, we will examine the capacity of AI to enrich plain text with appropriate XML markup. Practical examples and methodological guidelines will be provided to elucidate how AI can be effectively prompted to interpret and generate accurate XML markup.
Further emphasis will be placed on the role of AI in developing XSLT, or schemas such as XSD and Schematron. We will address the techniques and strategies adopted to create prompts for generating code, explaining code, or refactoring the code, and the results achieved.
The discussion will extend to how AI can be used to transform XML content. In particular, the focus will be on the use of AI XPath extension functions in XSLT, Schematron, Schematron Quick Fixes, or for XML content refactoring.
The presentation aims to deliver a comprehensive overview of AI usage in XML development, providing attendees with the necessary knowledge to make informed decisions. Whether you’re at the early stages of adopting AI or considering integrating it in advanced XML development, this presentation will cover all levels of expertise.
By highlighting the potential advantages and challenges of integrating AI with XML development tools and languages, the presentation seeks to inspire thoughtful conversation around the future of XML development. We’ll not only delve into the technical aspects of AI-powered XML development but also discuss practical implications and possible future directions.
GraphRAG is All You need? LLM & Knowledge Graph (Guy Korland)
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Essentials of Automations: The Art of Triggers and Actions in FME (Safe Software)
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
Securing your Kubernetes cluster: a step-by-step guide to success! (KatiaHIMEUR1)
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Dr. Sean Tan, Head of Data Science, Changi Airport Group
Discover how Changi Airport Group (CAG) leverages graph technologies and generative AI to revolutionize their search capabilities. This session delves into the unique search needs of CAG’s diverse passengers and customers, showcasing how graph data structures enhance the accuracy and relevance of AI-generated search results, mitigating the risk of “hallucinations” and improving the overall customer journey.
Maruthi Prithivirajan, Head of ASEAN & IN Solution Architecture, Neo4j
Get an inside look at the latest Neo4j innovations that enable relationship-driven intelligence at scale. Learn more about the newest cloud integrations and product enhancements that make Neo4j an essential choice for developers building apps with interconnected data and generative AI.
On the left is the Nissan Maxima gear shift. It turns out my brother was driving in 3rd gear for over a year before I pointed out to him that 3 and D are separate positions. The older Nissan Maxima gear shift on the right makes it hard to make this mistake.
These findings led us to think about how to educate and train people about phishing attacks…
http://news.cnet.com/21007350_361252132.html
Assume that this is your email inbox and, among other emails, you see this email from Amazon that looks just like a legitimate email from Amazon. When you open the email ...
You will see this, which looks legitimate. From the data that we have, we know that most users will click on the link. When they click on the link, they will see ...
P. Kumaraguru et al. Protecting People from Phishing: The Design and Evaluation of an Embedded Training Email System. CHI 2007. P. Kumaraguru et al. Getting Users to Pay Attention to Anti-Phishing Education: Evaluation of Retention and Transfer. eCrime 2007.
Our evaluation of several blacklists shows that they catch ~80% of phish after 24 hours, but are not very good in the first few hours. They also only catch “shotgun phish” rather than spear-phish.
S. Egelman, L. Cranor, and J. Hong. You've Been Warned: An Empirical Study of the Effectiveness of Web Browser Phishing Warnings. CHI 2008.