Saturday, November 03, 2007
Can you spot a bogus web address?
Carnegie Mellon University has developed a video game to teach people to avoid phishing.
In the game, you're a fish (phish?) swimming around in a pond full of worms. Hold the mouse over a worm, and a URL comes up (just like you can hover the mouse over a link and see the web address it goes to). Then you decide whether to eat the worm or swim past it. If the web address is bogus, you get hooked. You can ask for advice at any point in the game.
This is fun, and useful, but I'm not sure it's teaching the right thing. No matter how good a URL looks, if you saw it in random email telling you to log in and "verify your account", it's still going to be a trick of some kind.
They also have sharks swimming around trying to eat you, which is just a distraction and doesn't have much to do with the real Internet, where you should take all the time you need to make a security decision.
|
In the game, you're a fish (phish?) swimming around in a pond full of worms. Hold the mouse over a worm, and a URL comes up (just like you can hover the mouse over a link and see the web address it goes to). Then you decide whether to eat the worm or swim past it. If the web address is bogus, you get hooked. You can ask for advice at any point in the game.
This is fun, and useful, but I'm not sure it's teaching the right thing. No matter how good a URL looks, if you saw it in random email telling you to log in and "verify your account", it's still going to be a trick of some kind.
They also have sharks swimming around trying to eat you, which is just a distraction and doesn't have much to do with the real Internet, where you should take all the time you need to make a security decision.
# posted by Frederick @ 8:10 PM Email to a friend:
Haloscan: they provide trackback