This Article 
 Bibliographic References 
 Add to: 
Why and How to Perform Fraud Experiments
March/April 2008 (vol. 6 no. 2)
pp. 66-68
Markus Jakobsson, Palo Alto Research Center
Nathaniel Johnson, Indiana University
Peter Finn, Indiana University
The authors argue that user studies are vital in order to improve our understanding of online fraud and other sociotechnical security problems. They then provide an overview of common approaches and describe how to carry out the approach that they believe results in the most accurate measurements, the so-called naturalistic phishing experiment. They give examples of such experiments, and illustrate ethical and technical issues that may arise for such experiments.

1. M. Jakobsson and J. Ratkiewicz, "Designing Ethical Phishing Experiments: A Study of (ROT13) rOnl Auction Query Features," Proc. 15th Int'l Conf. World Wide Web, ACM Press, 2006, pp. 513–522.
2. R. Dhamija and J.D. Tygar, "The Battle against Phishing: Dynamic Security Skins," Proc. 2005 Symp. Usable Privacy and Security, ACM Press, 2006, pp. 77–83.
3. M. Jakobsson et al., "What Instills Trust? A Qualitative Study of Phishing," Proc. 1st Int'l Workshop on Usable Security, Springer-Verlag, 2007; trust_USEC.pdf.
4. S. Srikwan and M. Jakobsson, "Using Cartoons to Teach Internet Security," Cryptologia, vol. 32, no. 2, 2008; .
5. V. Anandpara et al., "Phishing IQ Tests Measure Fear, not Ability," Proc. 1st Int'l Workshop on Usable Security, Springer-Verlag, 2007; markus/papersphish6.pdf .
6. P. Finn and M. Jakobsson, "Designing and Conducting Phishing Experiments," IEEE Technology and Society, special issue on usability and security, vol. 26, no. 1, 2007, pp. 46–58.
7. T. Jagatic et al., "Social Phishing," Comm. ACM, vol. 5, no. 10, 2007, pp. 94–100; http://portal.acm.orgcitation.cfm?doid=1290958.1290968 .

Index Terms:
deceit, debriefing, ethics, experiment, fraud, naturalistic, phishing, subject-expectancy bias
Markus Jakobsson, Nathaniel Johnson, Peter Finn, "Why and How to Perform Fraud Experiments," IEEE Security & Privacy, vol. 6, no. 2, pp. 66-68, March-April 2008, doi:10.1109/MSP.2008.52
Usage of this product signifies your acceptance of the Terms of Use.