Phishing is a scam by which an e-mail user is duped into revealing personal or confidential information that the scammer can use illicitly. This research explores the design features presented in phishing attacks, investigates how individual knowledge and psychological involvement influence people's ability to detect phishing across levels of deceptiveness, and evaluates the effects of phishing-related education and phishing detection technologies in mitigating individuals' phishing susceptibility. The experiments involve students, real-world consumers, and employees in an organization to compare the effectiveness of e-mail authentication toolbars and client software (either by themselves or in conjunction with phishing-related educational interventions) in mitigating individual susceptibility to phishing attacks. The purpose of the project is to explore the features of phishing e-mails and evaluate the mechanism of their effects by using a variety of research methodologies such as content analysis, telephone surveys, and quasi-experiments.
Phishing is a phenomenon of internet fraud that not only directly causes millions of dollars in losses, but also erodes consumers' trust in online communication and transactions. That erosion drives consumers away from online businesses. Fighting the threat of phishing is an urgent task and calls for research from multiple perspectives. The research deepens our understanding of phishing as a social phenomenon that takes advantage of human vulnerabilities. The research team disseminates the findings to the general public, industry organizations, the research community, and law enforcement organizations. The channels include workshops on internet crimes and information security and also the local InfraGard program in collaboration with a regional FBI office.