White hat phishing expeditions

Phishing for the Good Guys [found in the 13 Aug 2007 issue of Network World] is an interesting article about Markus Jakobsson, a cybersecurity researcher and professor at Indiana University in Bloomington, who

spends much of his time perpetrating online attacks on unsuspecting Web surfers – without actually harming them, of course – to see what types of ruses people will fall for and to predict potential new techniques phishers might pursue....

The typical procedure is to tell them about the research after they've unknowingly participated, which Jakobsson admits has led to some angry responses.

Among his conclusions are that many people:

  • seem to have no qualms about accepting a self-signed certificate

  • who won't click on a link contained in an e-mail will willingly copy and paste that same link into their browsers

  • will respond to fraudulent e-mails that correctly identify the first four digits of their social security numbers (which are not random, but identify the issuer of the number)

  • if they are male, are likely to click on a link sent by a female, more so than one sent by a male

  • who appear to be politically on the extreme left or extreme right are likely to click on links sent to them, more so than those who are more moderate politically

Like others mentioned in the story, I have my doubts about the ethics of going about this the way Jakobsson is. But I also would probably be happy to volunteer to be one of his guinea pigs. But that would spoil the results, wouldn't it?

