Fish named Phil helps foil phishers

Last Updated: Wednesday, September 26, 2007 | 12:31 PM ET

CBC News

Playing an online game beats computer tutorials or written materials in arming people against phishing attacks, Carnegie Mellon University computer scientists have determined.

The scientists tested an online game they developed, Anti-Phishing Phil, against a tutorial they created based on the game and existing online materials.

After 15-minute tests, "We found that participants who played the game were better able to identify fraudulent websites, compared to the participants in other conditions," the researchers reported in a paper presented at an online security symposium in July.

"We designed the game to teach people how to use web addresses, or URLs, to identify phishing websites," said Steve Sheng, a Carnegie PhD student and lead developer of the game, a project of the university's Usable Privacy and Security Laboratory.

Other computer scams, like viruses or spyware, are based on a weakness in the computer's hardware or software. But phishing attacks "take advantage of the way people use their computers and their often-limited knowledge of the way computers work," said Lorrie Cranor, Carnegie professor and director of the lab.

The game stars a little fish named Phil who helps users identify phishing URLs, look for cues in web browsers and use search engines to find legitimate sites.

The lab's user studies concluded that education can protect people from falling for phishing attacks, the scientists said.

But "it is hard to get users to read security tutorials, and many of the available online training materials make users aware of the phishing threat but do not provide them with enough information to protect themselves."

The researchers want to expand their tests by asking visitors to go to their website and play the game.

Phishing is a computer-based scam that tries to trick people into revealing personal, bank or credit-card information. Phishing often involves e-mails that appear legitimate, such as a request from a bank to confirm account information by sending details of the account.

If consumers do, the scammers will try to use the information to break into the consumer's account.

Stay Connected with CBC News

Big Box Advertisement

Top News Headlines

Duffy says he wants to give Canadians 'full story'

Duffy says he wants to give Canadians 'full story': Senator Mike Duffy says he wants a "full and open" inquiry so Canadians can get all the facts about the scandal that has rocked the Senate and the Prime Minister's Office and that he has no plans to resign. more »

Toronto Mayor Rob Ford fires chief of staff: A week after bombshell allegations that Toronto Mayor Rob ford was videotaped smoking crack, the mayor's chief of staff was fired and Ford is continuing to stonewall reporters. more »
Federal Court won't remove MPs over robocall allegations: The Federal Court says it won't throw six MPs out of their seats over allegations of widespread vote suppression through automated robocalls in the 2011 federal election. more »
Alleged Ford crack video seller not responding to calls: The journalist who broke the story alleging Toronto Mayor Rob Ford was recorded on video smoking crack cocaine says he may never be able to get his hands on the evidence. more »
2nd suspect in Tim Bosma murder case to plead not guilty: The lawyer for Mark Smich says the Oakville, Ont., resident will plead not guilty to first-degree murder in the death of Tim Bosma, the Hamilton man who disappeared earlier this month after taking two men on a test drive of his truck. more »

Must Watch

Latest Technology & Science News Headlines

Canada's privacy laws inadequate for digital age, watchdog says

Canada's privacy laws inadequate for digital age, watchdog says: Canadians' trust in the digital economy is at risk because our laws don't have enough teeth to compel companies to protect consumers' privacy, Canada's privacy commissioner says. more »

Twitter launches feature to 'make sure it's really you': Following hack attacks on the Twitter accounts of The Associated Press, the Financial Times and other media organizations by the Syrian Electronic Army, Twitter has rolled out a new feature to help prevent unauthorized logins to a user's accounts. more »
'Hadfield at Home' parodies astronaut's return to 'normal' life: While the real Chris Hadfield reacclimates to Earth gravity and performs experiments in Houston, a parody of the Canadian astronaut is recreating some of his famous space moments, but with decidedly terrestrial results. more »
3-D printing of airway tube helps save U.S. baby: In a medical first, doctors used plastic particles and a 3-D laser printer to create an airway splint to save the life of a baby boy who used to stop breathing nearly every day. more »
Importers brace for fight over iPods and TVs: Importers of popular electronics such as big-screen TVs and MP3 players are ramping up their fight against federal tariff changes, accusing the government of misleading them by offering tariff breaks that it planned to claw back later. more »

More Headlines »

Bob McDonald's Blog

Chris Hadfield: The gravity of gravity May. 17, 2013 9:58 AM After five months of being Superman and a media superstar, Canadian astronaut Chris Hadfield is now beginning the challenging task of adapting his mortal body and brain to life back on Earth.

Quirks & Quarks

May 25: The Origin of Feces May. 23, 2013 9:43 AM Cow pies, scat, droppings, guano, dung, manure, night soil, poop, fecal matter, sh*t. Call it what you may, excrement plays a crucial role in evolution, culture and the environment.