Phishing is a serious threat to more than its initial targets, says researcher
Arun Vishwanath, Ph.D., associate professor in the department of communication at the University at Buffalo, has received a three-year, $320,000 grant from the National Science Foundation to launch a research project to learn just how people fall victim to cyber-phishing attacks and what tools can be used to protect them.
His partner in the study is H. Raghav Rao, Ph.D., SUNY distinguished service professor in the department of management science and systems in the UB School of Management, where Vishwanath is an adjunct associate professor. The two will partner with other organizations, including the National Consumer League, in conducting the study.
Phishing is the familiar scam in which Internet fraudsters send spam or pop-up messages aimed at drawing personal and financial information from unsuspecting victims. Once they acquire personal information, phishers can sometimes get into the victim's other online personal and business accounts as well.
Vishwanath, an expert in consumer behavior and information processing, says research like this is necessary and important because, at its core, every recent major cyber attack has involved a phishing scam. Phishing makes important private information available to hackers, which in turn can be used to facilitate those attacks.
"Phishing has become the attack vector of choice among cyber criminals, and their incidence has gone up significantly," he said. "We all are vulnerable and ... so are government and commercial institutions, including security agencies and news sources.
"Such attacks are on the rise," he continued, "and are more successful than people realize."
He cited such examples as the April attack on the AP Twitter feed that resulted in it disseminating "news" of a White House bombing in which the president was injured. Another example, he said, was the August take-down of The New York Times website by the pro-Assad "Syrian Electronic Army."
"Besides these," Vishwanath said, "a host of recent attacks on news outlets such as The Washington Post, The Wall Street Journal, The New York Times, CBS, BBC and NPR have all been attributed to phishing attacks."
Vishwanath's recent research employed an integrated information-processing model to test individual differences in vulnerability to phishing.
"This project will evaluate the relative efficacy of this model in helping us understand how to stop such attacks from victimizing people, and the relative effectiveness of using anti-phishing toolbars and phishing-awareness training to protect the public," he said.