Issue No. 02 - March/April (2008 vol. 6)
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2008.52
Markus Jakobsson , Palo Alto Research Center
Nathaniel Johnson , Indiana University
Peter Finn , Indiana University
The authors argue that user studies are vital in order to improve our understanding of online fraud and other sociotechnical security problems. They then provide an overview of common approaches and describe how to carry out the approach that they believe results in the most accurate measurements, the so-called naturalistic phishing experiment. They give examples of such experiments, and illustrate ethical and technical issues that may arise for such experiments.
deceit, debriefing, ethics, experiment, fraud, naturalistic, phishing, subject-expectancy bias
N. Johnson, M. Jakobsson and P. Finn, "Why and How to Perform Fraud Experiments," in IEEE Security & Privacy, vol. 6, no. , pp. 66-68, 2008.