Presentation is loading. Please wait.

Presentation is loading. Please wait.

Class Activity: User Education on SNS Phishing. Contextual Training Users are sent simulated phishing emails by the experimenter to test user’s vulnerability.

Published byOwen Edgar Blankenship Modified over 9 years ago

Similar presentations

Presentation on theme: "Class Activity: User Education on SNS Phishing. Contextual Training Users are sent simulated phishing emails by the experimenter to test user’s vulnerability."— Presentation transcript:

1 Class Activity: User Education on SNS Phishing

2 Contextual Training Users are sent simulated phishing emails by the experimenter to test user’s vulnerability regarding phishing attacks At the end of the study, user is notified about phishing attacks No immediate feed-back

3 Embedded Training Teaches user about phishing during regular usage of the application, such as email

4 Reflection Principle Reflection is the process by which learners are made to stop and think about what they’re learning

5 Story-based Agent Environment Principle Agents are characters that help users regarding learning process

6 Conceptual-Procedural Principle Conceptual & Procedural knowledge influence one and another

7 Demo of Anti-Phishing Phil http://wombatsecurity.com/antiphishingphil

8 Another Form of Phishing Attack Full Screen API Demo

9 Ad-Click Demo http://www.yahoo.com/

10 User Should Reject Security Advice? User rejecting security advice is rational from an economic perspective 100% of certificate error warnings appear to be false positive Most security advices provide poor cost-benefit tradeoff to users and is rejected How can we blame users for not adhering to certificate warnings when vast majority of them are false positives?

11 Users are the Weakest Link in Security Why attack machines when users are so easy to target? Most large web-sites offer security tips to users Not so effective however Users are lazy

12 Why Do Users Disregard Security Warnings? Overwhelmed Benefits are moot or perceived as moot Strong password does nothing in presence of keylogger How often does user perceive a real attack?

13 Password Policies

14 Teaching Users to Identify Phishing Sites By Reading URL Phishers quickly evolve

15 Certificate Errors Type https://www.paypal.comhttps://www.paypal.com Type http://www.paypal.comhttp://www.paypal.com Type paypal control + enter Search Google for PayPal and click link Click bookmarked https://www.paypal.comhttps://www.paypal.com Click bookmarked http://www.paypal.comhttp://www.paypal.com Problems?

16 Discussion

Download ppt "Class Activity: User Education on SNS Phishing. Contextual Training Users are sent simulated phishing emails by the experimenter to test user’s vulnerability."

Similar presentations

PayPal Phishing Example. Can you tell which is real? 1. 2.

PayPal Phishing Example. Can you tell which is real? 1. 2.
You are responsible for security of your internet banking transactions ONLINE.

You are responsible for security of your internet banking transactions ONLINE.
CIM Student Employment - TimesheetX

CIM Student Employment - TimesheetX
Electronic Proposal Development and Submission Module 2 Introduction to Cayuse 424 Research Suite Product Support m.

Electronic Proposal Development and Submission Module 2 Introduction to Cayuse 424 Research Suite Product Support m.
Let’s Set Up Google. Open your Google Chrome Browser.

Let’s Set Up Google. Open your Google Chrome Browser.
C MU U sable P rivacy and S ecurity Laboratory Anti-Phishing Phil The Design and Evaluation of a Game That Teaches People Not to.

C MU U sable P rivacy and S ecurity Laboratory Anti-Phishing Phil The Design and Evaluation of a Game That Teaches People Not to.
1 What is Phishing? …listening to music by the band called Phish or perhaps …a hobby, sport or recreation involving the ocean, rivers or streams…nope.

1 What is Phishing? …listening to music by the band called Phish or perhaps …a hobby, sport or recreation involving the ocean, rivers or streams…nope.
Bsharah Presentation Threats to Information Security Protecting Your Personal Information from Phishing Scams.

Bsharah Presentation Threats to Information Security Protecting Your Personal Information from Phishing Scams.
Jason Rich CIS - 158 1.  The purpose of this project is to inform the audience about the act of phishing. Phishing is when fake websites are created.

Jason Rich CIS  The purpose of this project is to inform the audience about the act of phishing. Phishing is when fake websites are created.
Social Engineering J Nivethan. Social Engineering The process of deceiving people into giving away access or confidential information Onlinne Phone Offline.

Social Engineering J Nivethan. Social Engineering The process of deceiving people into giving away access or confidential information Onlinne Phone Offline.
User Education Baik Sangyong Cheng Zeng. Agenda Why Need User Education Examples of User Education Security-Reinforcing Application for User Education.

User Education Baik Sangyong Cheng Zeng. Agenda Why Need User Education Examples of User Education Security-Reinforcing Application for User Education.
Internet Phishing Not the kind of Fishing you are used to.

Internet Phishing Not the kind of Fishing you are used to.
Privacy and Security on the Web Part 1. Agenda Questions? Stories? Questions? Stories? IRB: I will review and hopefully send tomorrow. IRB: I will review.

Privacy and Security on the Web Part 1. Agenda Questions? Stories? Questions? Stories? IRB: I will review and hopefully send tomorrow. IRB: I will review.
Screenshots for Contextual Inquiry Brad Myers and Gus Prevas HCI in eCommerce For scenario shown in video: 88.5 mb mpeg 88.5 mb mpeg.

Screenshots for Contextual Inquiry Brad Myers and Gus Prevas HCI in eCommerce For scenario shown in video: 88.5 mb mpeg 88.5 mb mpeg.
Scams and Schemes. Today’s Objective I can understand what identity theft is and why it is important to guard against it, I can recognize strategies that.

Scams and Schemes. Today’s Objective I can understand what identity theft is and why it is important to guard against it, I can recognize strategies that.
Security Warnings TROPE: Teachers’ Resources for Online Privacy Education www.teachingprivacy.org 1.

Security Warnings TROPE: Teachers’ Resources for Online Privacy Education 1.
Notes to Teachers At the time we embedded the links in these lessons, they all worked. If they don’t, you can google the website, find the link, open it.

Notes to Teachers At the time we embedded the links in these lessons, they all worked. If they don’t, you can google the website, find the link, open it.
PASSWORD MANAGEMENT MADE EASY A Project Play Date - September 26, 2008 Beth Carpenter, Library Services Manager, Outagamie Waupaca Library System.

PASSWORD MANAGEMENT MADE EASY A Project Play Date - September 26, 2008 Beth Carpenter, Library Services Manager, Outagamie Waupaca Library System.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.
LRHSD GOOGLE ACCOUNTS STEP 1 – go to docs.google.com and log in with your school email (if you don’t know if you have an account, click on “CANNOT ACCESS.

LRHSD GOOGLE ACCOUNTS STEP 1 – go to docs.google.com and log in with your school (if you don’t know if you have an account, click on “CANNOT ACCESS.

Similar presentations

Ads by Google