Hooking phishers of men and women

Nov 25, 2013

Phishing is a fraudulent attempt seeking to acquire money, confidential information or other gain such as usernames, passwords or credit card details from people by masquerading as a trustworthy entity such as a bank, service provider, social network, email systems or institutions. In order to improve security and reduce the risk that any of us is caught out by a phishing attack there is a need to carry out research so that countermeasures can be designed. Unfortunately, in carrying out such research it is possible for the scientists taking part to come unstuck by laws that are in place to protect users from the very attacks they wish to study.

Writing in the International Journal of Intellectual Property Management, UK researchers explain how the legal framework and ethical considerations involved in mobile and computer security research must be updated to allow such research to take place without legal impediment. Rasha Salah El-Din of the Department of Computer Science at the University of York working with Lisa Sugiura of the University of Southampton, explain how they were studying mobile users' susceptibility to phishing attacks, through the use of deception in research and discovered that they were subject to regulations concerning its use. The regulations were implemented despite the fact that their covert work was for the benefit of users and did not represent a fraudulent phishing attack in itself.

As a result of this, the team suggests that the research community needs to start a dialogue on self-regulation and boundaries of legal and ethical conduct. "We are currently in the process of organising an international conference to discuss the legal and ethical challenges that face phishing researchers," the team says. "The conference will source multi-discipline expertise including: phishing researchers, board members of ethics committees, law professionals and industries affected by phishing such as and banks."

They point out that while deception is a well-established research methodology in psychology research projects, there is no clear law on whether or not deception is allowable in security or phishing research.

Explore further: Profile of likely e-mail phishing victims emerges in human factors/ergonomics research

More information: "To deceive or not to deceive! Legal implications of phishing covert research" in Int. J. Intellectual Property Management, 2013, 6, 285-293

add to favorites email to friend print save as pdf

Related Stories

'Phishing' scams explode worldwide, researchers shows

Jun 21, 2013

Those insidious email scams known as phishing, in which a hacker uses a disguised address to get an Internet user to install malware, rose 87 percent worldwide in the past year, a security firm said Friday.

Google finds hack attempts on eve of Iran election

Jun 13, 2013

(AP)—Google says it has discovered and stopped a series of attempts to hack the accounts of tens of thousands of Iranian users in an effort the company believes is an attempt to influence the country's upcoming election.

Recommended for you

LinkedIn membership hits 300 million

Apr 18, 2014

The career-focused social network LinkedIn announced Friday it has 300 million members, with more than half the total outside the United States.

Researchers uncover likely creator of Bitcoin

Apr 18, 2014

The primary author of the celebrated Bitcoin paper, and therefore probable creator of Bitcoin, is most likely Nick Szabo, a blogger and former George Washington University law professor, according to students ...

White House updating online privacy policy

Apr 18, 2014

A new Obama administration privacy policy out Friday explains how the government will gather the user data of online visitors to WhiteHouse.gov, mobile apps and social media sites. It also clarifies that ...

User comments : 0

More news stories

Ex-Apple chief plans mobile phone for India

Former Apple chief executive John Sculley, whose marketing skills helped bring the personal computer to desktops worldwide, says he plans to launch a mobile phone in India to exploit its still largely untapped ...

A homemade solar lamp for developing countries

(Phys.org) —The solar lamp developed by the start-up LEDsafari is a more effective, safer, and less expensive form of illumination than the traditional oil lamp currently used by more than one billion people ...

UAE reports 12 new cases of MERS

Health authorities in the United Arab Emirates have announced 12 new cases of infection by the MERS coronavirus, but insisted the patients would be cured within two weeks.

NASA's space station Robonaut finally getting legs

Robonaut, the first out-of-this-world humanoid, is finally getting its space legs. For three years, Robonaut has had to manage from the waist up. This new pair of legs means the experimental robot—now stuck ...