Hooking phishers of men and women

Nov 25, 2013

Phishing is a fraudulent attempt to acquire money, confidential information (such as usernames, passwords or credit card details) or other gain from people by masquerading as a trustworthy entity such as a bank, service provider, social network, email system or institution. To improve security and reduce the risk that any of us is caught out by a phishing attack, research is needed so that countermeasures can be designed. Unfortunately, in carrying out such research, the scientists taking part can come unstuck because of laws that are in place to protect users from the very attacks they wish to study.

Writing in the International Journal of Intellectual Property Management, UK researchers explain how the legal framework and ethical considerations involved in mobile and computer security research must be updated to allow such research to take place without legal impediment. Rasha Salah El-Din of the Department of Computer Science at the University of York, working with Lisa Sugiura of the University of Southampton, explains how they were studying mobile users' susceptibility to phishing attacks through the use of deception in research, and discovered that they were subject to regulations concerning its use. The regulations were implemented despite the fact that their covert work was for the benefit of users and did not represent a fraudulent phishing attack in itself.

As a result of this, the team suggests that the research community needs to start a dialogue on self-regulation and boundaries of legal and ethical conduct. "We are currently in the process of organising an international conference to discuss the legal and ethical challenges that face phishing researchers," the team says. "The conference will source multi-discipline expertise including: phishing researchers, board members of ethics committees, law professionals and industries affected by phishing such as and banks."

They point out that while deception is a well-established research methodology in psychology research projects, there is no clear law on whether or not deception is allowable in security or phishing research.

More information: "To deceive or not to deceive! Legal implications of phishing covert research" in Int. J. Intellectual Property Management, 2013, 6, 285-293