Issue No.02 - March/April (2008 vol.6)
Markus Jakobsson , Palo Alto Research Center
Nathaniel Johnson , Indiana University
Peter Finn , Indiana University
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2008.52
The authors argue that user studies are vital in order to improve our understanding of online fraud and other sociotechnical security problems. They then provide an overview of common approaches and describe how to carry out the approach that they believe results in the most accurate measurements, the so-called naturalistic phishing experiment. They give examples of such experiments, and illustrate ethical and technical issues that may arise for such experiments.
deceit, debriefing, ethics, experiment, fraud, naturalistic, phishing, subject-expectancy bias
Markus Jakobsson, Nathaniel Johnson, Peter Finn, "Why and How to Perform Fraud Experiments", IEEE Security & Privacy, vol.6, no. 2, pp. 66-68, March/April 2008, doi:10.1109/MSP.2008.52