Can you spot a phish? Play Carnegie Mellon's game and see
Test your knowledge and learn how to tell the URL of a fraudulent site from a legitimate one
September 28, 2007 12:00 PM ETNetwork World -
Scientists at Carnegie Mellon University have developed an online game designed to teach Internet users about the dangers of phishing.
Featuring a cartoon fish named Phil, the game, called Anti-Phishing Phil, has been tested in CMU's Privacy and Security Laboratory. Officials with the lab say users who spent 15 minutes playing the interactive, online game were better able to discern fraudulent Web sites than those who simply read tutorials about the threat.
The game focuses on teaching Internet users how to tell the URL of a fraudulent site from a legitimate one, officials say. It offers tips such as examining URLs for misspellings of popular sites, dissecting a Web address to understand where it's pointing to and using Google to validate a URL against search results. (This reporter played the game, scoring 8 out of 8 in the first round, 6 out of 8 in the second round and not enough correct answers in the third round to move up.)
The lab has now decided to open up the game for broader testing. Visitors to the site who click on "play the game" are given a short quiz, play the game and then take another quiz, officials said. Visitors who submit their e-mail addresses and take a follow-up quiz the next week are entered in a raffle to win a $100 Amazon.com gift card.
The game was developed to help raise awareness about phishing attacks, in which spam e-mails that appear to come from a legitimate bank or retail organization try to lure the recipient into entering personal or financial information into a fraudulent Web site, where it can be stolen and used in identity theft.
Users run the risk of falling prey to a phishing attack more than viruses and other malware because these scams rely on social engineering and can't be protected against by technology, according to professors at the lab.
While security experts argue the effectiveness in educating users to be aware of phishing scams, Steve Sheng, the Ph.D. student who developed Anti-Phishing Phil, this summer presented results of a study showing that training improved Internet users' ability to tell a legitimate Web site from a fraudulent one. According to Sheng's research, users in the study improved their accuracy in spotting fake sites from 69% before playing the game to 87% after.
This project is part of a larger CMU antiphishing research initiative funded by the National Science Foundation and the Army Research Office.
Reprinted with permission from
Story copyright 2009 Network World, Inc. All rights reserved.
carnegie mellon
Additional Resources



Learn the important issues you must consider before starting your next mobility initiative. Get your mobility white paper from IDC now, compliments of Sybase.
White Papers & Webcasts
Extend, Replace, or Convert; which is the best way forward for COBOL Applications?
Download this white paper, free, compliments of Micro Focus!
Southern Company
Download Now
Extending Client Refresh - 11 Steps to Maximize Savings
Register Now!
Defending Against the Storm
Download Now
Lower the Cost and Complexity of a Mobile Workforce through Automation
Download This Resource Now!
Share our Strength
Download Now
Managing Mobility: Improve Data Security, Compliance and Manageability
Download This Resource Now!
Consolidate Your Servers and Storage to Lower Costs with Oracle Database 11g
Register for this webcast!
