Hooking phishers of men and women

Nov 25, 2013

Phishing is a fraudulent attempt to obtain money, confidential information such as usernames, passwords or credit card details, or some other gain from people by masquerading as a trustworthy entity such as a bank, service provider, social network, email system or institution. Improving security and reducing the risk that any of us is caught out by a phishing attack requires research so that countermeasures can be designed. Unfortunately, the scientists carrying out such research can come unstuck on laws that are in place to protect users from the very attacks they wish to study.

Writing in the International Journal of Intellectual Property Management, UK researchers explain how the legal framework and ethical considerations involved in mobile and computer security research must be updated to allow such research to take place without legal impediment. Rasha Salah El-Din of the Department of Computer Science at the University of York, working with Lisa Sugiura of the University of Southampton, explains how they were studying mobile users' susceptibility to phishing attacks through the use of deception in research, and discovered that they were subject to regulations concerning its use. The regulations were implemented despite the fact that their covert work was for the benefit of users and did not represent a fraudulent phishing attack in itself.

As a result of this, the team suggests that the research community needs to start a dialogue on self-regulation and boundaries of legal and ethical conduct. "We are currently in the process of organising an international conference to discuss the legal and ethical challenges that face phishing researchers," the team says. "The conference will source multi-discipline expertise including: phishing researchers, board members of ethics committees, law professionals and industries affected by phishing such as and banks."

They point out that while deception is a well-established research methodology in psychology research projects, there is no clear law on whether or not deception is allowable in security or phishing research.

More information: "To deceive or not to deceive! Legal implications of phishing covert research" in Int. J. Intellectual Property Management, 2013, 6, 285-293
