Over the past decade, a number of standards, laws and regulations have emerged that require organizations to provide strong security and privacy guarantees. The end result is high expectations when it comes to cyber security awareness and training, for both employees and customers. Take a look at this Anti-Phishing game. For those unfamiliar with the term, a phishing attack occurs when bait is used to “catch” financial information and passwords. This game brings awareness to the scam, while providing key warning signs of phishing scams. When a user falls for a simulated attack and clicks on the URL, PhishGuru takes advantage of the “teachable moment” by showing a cartoon that offers steps to avoid falling for these attacks.


Banca Popolare di Sondrio, an Italian bank, didn’t want anyone to fall victim to a phishing scam. After the bank offered the game to its employees and customers, the game appears to be significantly more effective at training people to recognize phishing attacks than the more traditional training solutions used previously and currently.


Carnegie Mellon University conducted a study in which participants were sent a fake spear phishing email that contained a phishing URL. After clicking on the link, participants were shown a cartoon telling them about phishing and how to avoid similar spear phishing attacks in the future. All participants were sent a series of three legitimate emails and seven spear phishing emails over 28 days. Carnegie Mellon’s findings show that people in the 18-25 age group were most prone to consistently falling for phishing emails. After using the PhishGuru program, the likelihood of trained users falling for a phishing attack decreased by 50 percent.


PhishGuru is a fun and educational way to learn about phishing and protect ourselves from an attack. Phishing attacks are not all fun and games, but the game is a great way to learn how to surf the web without getting caught!

