Last modified: Monday, June 4, 2007
IU Informatics security experts draw new weapon in war on cyber crime
FOR IMMEDIATE RELEASE
June 4, 2007
BLOOMINGTON, Ind. -- Researchers at the Indiana University School of Informatics have developed new tools to help consumers avoid becoming victims of online fraud -- cartoons.
While good education can hardly secure a computer system, many experts believe that users often do not understand the risks of installing certain software, particularly those aimed at them by online scam artists.
"Security is about understanding what can hurt you, but very few of us have the time or dedication to read books and articles about Internet security," said associate professor Markus Jakobsson. "Still, we all need to know the basics. Regulators understand the importance of consumer education, too, and recent federal guidelines advise financial institutions to provide education for their clients.
That's why Jakobsson and Informatics research associate Sukamol Srikwan created www.SecurityCartoon.com, which is the first cartoon-based approach aimed at understanding the Internet risks faced by typical users.
"The cartoons we have developed obviously are not a textbook approach, not made for professional journals or geared to an audience of professional researchers," said Srikwan, who is the graphic designer of www.SecurityCartoon.com. "We wanted this to be accessible to anyone who uses the Internet -- general consumers, teenagers, teachers and anybody who banks or shops online. That's why the cartoon format is perfect -- everybody can relate to it."
The cartoons cover online security issues such as phishing, pharming, malware, spoofing and password protection. But as opposed to most other educational efforts relating to these topics, the cartoons do not only teach its readers what to do and not to do, but why, too.
"That makes the advice easier to make sense of," said Srikwan.
The Security Cartoon Web site might appear to be only entertaining, but it was devised using scientific methods by IU scientists. The Center for Applied Cybersecurity Research and the Anti-Phishing Group at IU is one of the most prolific and proactive in the world, both dedicated to studying Internet fraud tactics and developing countermeasures.
"We study the algorithms behind fraud, develop new techniques for combating it, and we investigate how people react psychologically to various threats," said Jakobsson, who is a CACR associate director. "Knowing what people will typically fall for, of course, is of importance when you develop educational countermeasures against phishing."
Phishing is duping someone into giving up private data -- such as credit card and Social Security numbers -- by masquerading as an authority. This is usually accomplished through e-mail or instant messaging, directing the recipient to a fraudulent Web site that appears legitimate.
According to Jakobsson, estimates show that an average of 5 percent of adult Americans are victims of identity theft each year, but adds that the percentage is on the upswing as phishing techniques become more sophisticated.
"A recent study conducted at IU revealed that some phishing attacks can dupe as much as 70 percent of those targeted," said Srikwan. "The cartoon is one way to give users better protection before these kinds of aggressive online attacks become common."