Phishing Game Protects Assets

Written by Carl E. Reid on February 23, 2009

A recent article by Dan Blacharski, ‘A new method to educate users about spam?’, describes how the U.S. Department of Justice tested and educated employees with fake phishing scams. This phishing scam “fire drill” provides an excellent training lesson that more companies should adopt. As I mentioned in an earlier article, ‘Ultimate Defense Against Spam in 2009’, educating email users is the best defense against spam and phishing scams.

Apparently the National Science Foundation, the U.S. Army Research Office, Microsoft and IBM agree on phishing education. Each of these organizations provided grant money to fund the CyLab Usable Privacy and Security Laboratory (CUPS). In affiliation with Carnegie Mellon CyLab, CUPS has developed an awesome anti-phishing educational tool.

CUPS brings together researchers working on a diverse set of projects related to understanding and improving the usability of privacy and security software and systems.  This valuable research has produced a game employees can actually justify playing at work called Anti-Phishing Phil. This interactive game teaches people how to identify phishing URLs, where to look for cues in web browsers, and how to use search engines to find legitimate sites.

Not only did I have fun playing Anti-Phishing Phil, it also taught me a few things. The game can be customized with your organization’s URLs and branding. Anti-Phishing Phil can be integrated into a larger training program. The game play data can be used to assess your organization’s ability to resist phishing attacks and focus company training efforts.

CyLab studies have found that user education makes a big difference in preventing people from falling prey to phishing attacks. CyLab research also proves Anti-Phishing Phil to be an effective approach to educating all staff on technology security. Playing a game at work that helps reduce the loss of personal and business assets surely deserves serious consideration from company management.

Anti-Phishing Phil addresses the main causes of people getting hooked into phishing scams:

  • People usually won’t read security tutorials
  • With so much online security training material, how can people identify what’s important to know?
  • Much of the available security information still fails to teach people how to protect themselves.

About Carl E. Reid

Developing his career from the mail room to the board room, Carl E. Reid has achieved success by skillfully blending 40 years of technology and business intelligence experience with his passion for helping companies succeed. Carl is founder and CEO of NetTECH Systems Reid & Associates, Inc., an emerging technology consulting company located in the New York City area. One of his specialties is 15 years as a collaboration and email infrastructure consultant. He has implemented and supported Lotus Notes/Domino and other types of SMTP gateway/network configurations in small to large global companies up to 33,000 employees. Some of his clients have included IBM, Citi, JPMChase, Oxygen, LVMH - Moet Hennessy, MeadWestvaco, non-profits and professional organizations. Carl is a Savvy Business Owner, Public Speaker and Author. His articles have appeared in Network World, Computer Monthly magazines and hundreds of web sites. Combining business technology consulting with professional blogging, Carl specializes in advising clients how to best leverage the Internet as a tool for high impact visibility. Carl's speaking style combines humor with expertise, and his advice is always down-to-earth and practical. He personally publishes Library of Congress recognized newsletter blog, http://www.SavvyIntrapreneur.com and http://www.iTechSpeak.com. Carl wrote the original "Professional Blogger Job Description", being used as standard document within companies. As a business career coach, Carl teaches professionals how to run their career as a profitable business.