Hooking phishers of men and women

Nov 25, 2013

Phishing is a fraudulent attempt to acquire money, confidential information such as usernames, passwords or credit card details, or other gain from people by masquerading as a trustworthy entity such as a bank, service provider, social network, email system or institution. To improve security and reduce the risk that any of us is caught out by a phishing attack, research is needed so that countermeasures can be designed. Unfortunately, in carrying out such research, the scientists taking part can come unstuck because of laws that are in place to protect users from the very attacks they wish to study.

Writing in the International Journal of Intellectual Property Management, UK researchers explain how the legal framework and ethical considerations involved in mobile and computer security research must be updated to allow such research to take place without legal impediment. Rasha Salah El-Din of the Department of Computer Science at the University of York, working with Lisa Sugiura of the University of Southampton, explains how they were studying mobile users' susceptibility to phishing attacks through the use of deception in research, and discovered that they were subject to regulations concerning its use. The regulations were applied despite the fact that their covert work was for the benefit of users and did not represent a fraudulent phishing attack in itself.

As a result of this, the team suggests that the research community needs to start a dialogue on self-regulation and boundaries of legal and ethical conduct. "We are currently in the process of organising an international conference to discuss the legal and ethical challenges that face phishing researchers," the team says. "The conference will source multi-discipline expertise including: phishing researchers, board members of ethics committees, law professionals and industries affected by phishing such as and banks."

They point out that while deception is a well-established research methodology in psychology research projects, there is no clear law on whether or not deception is allowable in security or phishing research.


More information: "To deceive or not to deceive! Legal implications of phishing covert research" in Int. J. Intellectual Property Management, 2013, 6, 285-293
