Why and How to Perform Fraud Experiments

Markus Jakobsson; Nathaniel Johnson; Peter Finn

doi:10.1109/MSP.2008.52

Security&Privacy
2008
Issue No. 2 - March/April
Abstract - Why and How to Perform Fraud Experiments

	This Article
	Subscribers, please Login Purchase article: $19 PDF HTML IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/EndNote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Markus Jakobsson Articles by Nathaniel Johnson Articles by Peter Finn

Why and How to Perform Fraud Experiments

March/April 2008 (vol. 6 no. 2)

pp. 66-68

	ASCII Text	x
	Markus Jakobsson, Nathaniel Johnson, Peter Finn, "Why and How to Perform Fraud Experiments," IEEE Security & Privacy, vol. 6, no. 2, pp. 66-68, March/April, 2008.

	BibTex	x
	@article{ 10.1109/MSP.2008.52, author = {Markus Jakobsson and Nathaniel Johnson and Peter Finn}, title = {Why and How to Perform Fraud Experiments}, journal ={IEEE Security & Privacy}, volume = {6}, number = {2}, issn = {1540-7993}, year = {2008}, pages = {66-68}, doi = {http://doi.ieeecomputersociety.org/10.1109/MSP.2008.52}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - MGZN JO - IEEE Security & Privacy TI - Why and How to Perform Fraud Experiments IS - 2 SN - 1540-7993 SP66 EP68 EPD - 66-68 A1 - Markus Jakobsson, A1 - Nathaniel Johnson, A1 - Peter Finn, PY - 2008 KW - deceit KW - debriefing KW - ethics KW - experiment KW - fraud KW - naturalistic KW - phishing KW - subject-expectancy bias VL - 6 JA - IEEE Security & Privacy ER -

Markus Jakobsson, Palo Alto Research Center

Nathaniel Johnson, Indiana University

Peter Finn, Indiana University

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2008.52

The authors argue that user studies are vital in order to improve our understanding of online fraud and other sociotechnical security problems. They then provide an overview of common approaches and describe how to carry out the approach that they believe results in the most accurate measurements, the so-called naturalistic phishing experiment. They give examples of such experiments, and illustrate ethical and technical issues that may arise for such experiments.

1. M. Jakobsson and J. Ratkiewicz, "Designing Ethical Phishing Experiments: A Study of (ROT13) rOnl Auction Query Features," Proc. 15th Int'l Conf. World Wide Web, ACM Press, 2006, pp. 513–522.
2. R. Dhamija and J.D. Tygar, "The Battle against Phishing: Dynamic Security Skins," Proc. 2005 Symp. Usable Privacy and Security, ACM Press, 2006, pp. 77–83.
3. M. Jakobsson et al., "What Instills Trust? A Qualitative Study of Phishing," Proc. 1st Int'l Workshop on Usable Security, Springer-Verlag, 2007; www.informatics.indiana.edu/markus/papers trust_USEC.pdf.
4. S. Srikwan and M. Jakobsson, "Using Cartoons to Teach Internet Security," Cryptologia, vol. 32, no. 2, 2008; .
5. V. Anandpara et al., "Phishing IQ Tests Measure Fear, not Ability," Proc. 1st Int'l Workshop on Usable Security, Springer-Verlag, 2007; www.securitycartoon.com/cryptologia08www.informatics.indiana.edu/ markus/papersphish6.pdf .
6. P. Finn and M. Jakobsson, "Designing and Conducting Phishing Experiments," IEEE Technology and Society, special issue on usability and security, vol. 26, no. 1, 2007, pp. 46–58.
7. T. Jagatic et al., "Social Phishing," Comm. ACM, vol. 5, no. 10, 2007, pp. 94–100; http://portal.acm.orgcitation.cfm?doid=1290958.1290968 .

Index Terms:

deceit, debriefing, ethics, experiment, fraud, naturalistic, phishing, subject-expectancy bias

Citation:

Markus Jakobsson, Nathaniel Johnson, Peter Finn, "Why and How to Perform Fraud Experiments," IEEE Security & Privacy, vol. 6, no. 2, pp. 66-68, March-April 2008, doi:10.1109/MSP.2008.52

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.