PITTSBURGH, PA 5/2/2010 2:40:16 AM
Young People Easy Targets of Phishing Attacks
Study reveals that all age groups exhibit alarming levels of vulnerability
The results of a recent study of 515 Carnegie Mellon University faculty, staff, and students led by Wombat Security Technologies' co-founders Dr. Lorrie Cranor and Dr. Jason Hong revealed that 18-25 year olds were consistently more susceptible to phishing attacks than older participants.
The study involved sending the participants fake spear phishing emails that contained a phishing URL. When they clicked on the simulated phishing link, they were shown cartoons telling them about phishing and how to avoid similar spear phishing attacks in the future. All participants were sent a series of three legitimate and seven simulated spear phishing emails over 28 days.
Drs. Cranor and Hong analyzed user demographics to see if age was a factor in susceptibility to phishing. Their findings show that people in the 18-25 age group were more prone to consistently falling for phishing emails than older participants, though all age groups exhibited alarming levels of vulnerability with the average likelihood of someone falling for a spear phishing attack at 46.4 percent.
The tools used in this study have been incorporated into Wombat's PhishGuru service, a unique anti-phishing training solution that allows organizations to train their users by sending them fake spear phishing emails. When a user falls for a simulated attack and clicks on the URL, PhishGuru takes advantage of the "teachable moment" to pop up engaging training in the form of a cartoon that offers steps to avoid falling for these attacks. With PhishGuru, system administrators can craft monthly or quarterly email campaigns, select among a number of training messages, and assess the vulnerability of their users.
"This approach can be used to introduce users to new threats and train those who are most susceptible to phishing attacks," said Dr. Norman Sadeh, CEO and co-founder of Wombat. The study also showed that users trained with Wombat's PhishGuru service retain knowledge even after 28 days, and adding follow-up training once a month decreases the likelihood of users falling for a phishing attack by 50 percent or more.
For more info, visit Wombat Security Technologies at www.wombatsecurity.com.
To read more reports on Internet safety for students and school staff, visit School Safety Partners at www.SchoolSafetyPartners.org.
