Online game helps people recognize Internet scams

September 25, 2007

PITTSBURGH -- Carnegie Mellon University computer scientists have developed an interactive, online game featuring a little fish named Phil that can teach people how to better recognize and avoid email "phishing" and other Internet scams.

In testing at the Carnegie Mellon Usable Privacy and Security (CUPS) Laboratory, people who spent 15 minutes playing the Anti-Phishing Phil game were better able to identify fraudulent Web sites than people who spent the same amount of time reading anti-phishing tutorials or other online training materials.

Now, the CUPS Lab wants to see how Anti-Phishing Phil performs when he swims in a bigger, more diverse pond. As part of a field test, researchers ask people to visit http://cups.cs.cmu.edu/antiphishing_phil/ and click on the "Play the game!" link. Participants will be asked to take a short quiz, play the game and then take another quiz. Those who leave their email address and participate in a follow-up quiz a week later will be eligible for a raffle prize of a $100 Amazon.com gift card.

Phishing attacks attempt to trick people into revealing personal information or bank or credit card account information. Often, they involve emails that appear to be from a legitimate business, such as a bank, and direct recipients to visit a Web site that likewise appears to belong to that business. There they are asked to "verify" account information. In addition to spoof emails and counterfeit Web sites, some attacks even mimic parts of a user's own Web browser.

"We believe education is essential if people are to avoid being ripped off by these phishing attacks and similar online scams," said Lorrie Cranor, associate research professor in the School of Computer Science's Institute for Software Research and director of the CUPS Lab. "Unlike viruses or spyware, phishing attacks don't exploit weaknesses in a computer's hardware or software, but take advantage of the way people use their computers and their often-limited knowledge of the way computers work."

Security experts disagree about whether user education is effective in reducing vulnerability to increasingly sophisticated phishing attacks. But Steve Sheng, a Ph.D. student in Carnegie Mellon's Engineering and Public Policy Department and lead developer of Anti-Phishing Phil, presented results of a lab study at the Symposium on Usable Privacy and Security this past July, showing that training could improve people's ability to correctly identify legitimate and illegitimate Web sites. The game format of Anti-Phishing Phil proved particularly effective, improving the users' accuracy from 69 percent prior to training to 87 percent after playing the game.

"We designed the game to teach people how to use Web addresses, or URLs, to identify phishing Web sites," said Sheng. "That tactic can also be useful in analyzing suspicious email messages."

In addition to Cranor and Sheng, Anti-Phishing Phil developers include Carnegie Mellon faculty members Jason Hong and Alessandro Acquisti, and students Bryant Magnien and Ponnurangam Kumaraguru. CUPS has also collaborated with Portugal Telecom to develop a Portuguese version of the game called Anti-Phishing Ze (http://seguranca.sapo.pt/phishingze/).

The Anti-Phishing Phil project is part of a larger anti-phishing research effort at Carnegie Mellon funded by the National Science Foundation and the Army Research Office. For more information, see http://cups.cs.cmu.edu/trust/.
-end-
About Carnegie Mellon:

Carnegie Mellon is a private research university with a distinctive mix of programs in engineering, computer science, robotics, business, public policy, fine arts and the humanities. More than 10,000 undergraduate and graduate students receive an education characterized by its focus on creating and implementing solutions for real problems, interdisciplinary collaboration, and innovation. A small student-to-faculty ratio provides an opportunity for close interaction between students and professors. While technology is pervasive on its 144-acre Pittsburgh campus, Carnegie Mellon is also distinctive among leading research universities for the world-renowned programs in its College of Fine Arts. A global university, Carnegie Mellon has campuses in Silicon Valley, Calif., and Qatar, and programs in Asia, Australia and Europe. For more, see www.cmu.edu.

Carnegie Mellon University

Related Computer Articles from Brightsurf:

UCLA computer scientists set benchmarks to optimize quantum computer performance
Two UCLA computer scientists have shown that existing compilers, which tell quantum computers how to use their circuits to execute quantum programs, inhibit the computers' ability to achieve optimal performance.

Digitize your dog into a computer game
Researchers from CAMERA at the University of Bath have developed motion capture technology that enables you to digitise your dog without a motion capture suit and using only one camera.

Stabilizing brain-computer interfaces
Researchers from Carnegie Mellon University (CMU) and the University of Pittsburgh (Pitt) have published research in Nature Biomedical Engineering that will drastically improve brain-computer interfaces and their ability to remain stabilized during use, greatly reducing or potentially eliminating the need to recalibrate these devices during or between experiments.

Computer-generated genomes
Professor Beat Christen, ETH Zurich to speak in the AAAS 2020 session, 'Synthetic Biology: Digital Design of Living Systems.' Christen will describe how computational algorithms paired with chemical DNA synthesis enable digital manufacturing of biological systems up to the size of entire microbial genomes.

Computer-based weather forecast: New algorithm outperforms mainframe computer systems
The exponential growth in computer processing power seen over the past 60 years may soon come to a halt.

A computer that understands how you feel
Neuroscientists have developed a brain-inspired computer system that can look at an image and determine what emotion it evokes in people.

Computer program looks five minutes into the future
Scientists from the University of Bonn have developed software that can look minutes into the future: The program learns the typical sequence of actions, such as cooking, from video sequences.

Computer redesigns enzyme
University of Groningen biotechnologists used a computational method to redesign aspartase and convert it to a catalyst for asymmetric hydroamination reactions.

Mining for gold with a computer
Engineers from Texas A&M University and Virginia Tech report important new insights into nanoporous gold -- a material with growing applications in several areas, including energy storage and biomedical devices -- all without stepping into a lab.

Teaching quantum physics to a computer
An international collaboration led by ETH physicists has used machine learning to teach a computer how to predict the outcomes of quantum experiments.

Read More: Computer News and Computer Current Events
Brightsurf.com is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to Amazon.com.