Sciweavers

WWW
2006
ACM

Designing ethical phishing experiments: a study of (ROT13) rOnl query features

15 years 1 months ago
Designing ethical phishing experiments: a study of (ROT13) rOnl query features
We study how to design experiments to measure the success rates of phishing attacks that are ethical and accurate, which are two requirements of contradictory forces. Namely, an ethical experiment must not expose the participants to any risk; it should be possible to locally verify by the participants or representatives thereof that this was the case. At the same time, an experiment is accurate if it is possible to argue why its success rate is not an upper or lower bound of that of a real attack ? this may be difficult if the ethics considerations make the user perception of the experiment different from the user perception of the attack. We introduce several experimental techniques allowing us to achieve a balance between these two requirements, and demonstrate how to apply these, using a context aware phishing experiment on a popular online auction site which we call "rOnl". Our experiments exhibit a measured average yield of 11% per collection of unique users. This study...
Markus Jakobsson, Jacob Ratkiewicz
Added 22 Nov 2009
Updated 22 Nov 2009
Type Conference
Year 2006
Where WWW
Authors Markus Jakobsson, Jacob Ratkiewicz
Comments (0)