Online fraud is threatening organizations and individuals alike, and many fear that it can turn into a weapon of electronic warfare within the not so distant future. There is a strong consensus that we, as a society, need to improve our resilience against this threat. This goal can be reached using at least three principal approaches: Software-based security initiatives, legal and regulatory efforts, and educational approaches. While the approaches are complementary, they are not entirely independent. For example, legal and regulatory efforts are limited by technological issues for detection and enforcement. Likewise, the impact of client-side software initiatives is affected by educational efforts relating how to use the technology, and how to maintain the integrity of deployed software. In turn, regulatory efforts fuel software development and deployment, and recent FFEIC guidance [19] encourages financial institutions to educate their clients.
While technical efforts to fight the problem proliferate, and legal and regulatory approaches are rapidly catching up, we argue that the development of educational efforts have been left behind. Consumers are faced with a bewildering array of advice of how to stay safe against identity thieves, but we are not certain that any of the efforts manage to communicate a basic understanding of what to do and why. Current advice comes in many forms, from the terse online resources of financial institutions to in-depth self-help books describing how to to obtain access to credit reports. Consumers are advised to buy and use paper shredders; look for icons indicating that sites are hacker safe, use encryption, and that are members of the Better Business Bureau. At the same time, the typical Internet user does not know how to identify a phishing email [48], but often [29] relies on checking spelling and identifying known deceit techniques. Many consumers do not realize how easy it is to clone an existing site (e.g., using a tool like WebWhacker [57]) but interpret convincing website layout as a sign of legitimacy. It is not surprising that the average consumer has a rudimentary understanding of the threat, both due to the fact that he or she does not understand the intricacies of the Internet, and due to the difficulties of communicating complex notions to users that would rather not be involved at all. To make it worse, phishing is both a matter of technology and psychology [30, 49], and there is ample evidence (see, e.g., [39]) supporting that most people want to trust what they see.
Get pdf Using Cartoons to Teach Internet Security
No comments:
Post a Comment