BlogSchmog

Security Tightrope Walker

McAfee SiteAdvisor has a little quiz about phishing. I only got a C (7/10), but learned some things by taking the test.

Digital Inspiration highlighted a little online phishing quiz. Even though this is a commercial site trying to sell you a product (McAfee SiteAdvisor) through some fear tactics—as in, if you fail, your only hope is our product—the use of the quiz is engaging and enlightening.

YOU ANSWERED 7 OF 10 QUESTIONS CORRECTLY
Rating: Tightrope Walker

Not bad. You avoided some deceptive Web sites that would have put your personal information at risk. But you chose others that pose serious security threats that could lead to identity theft or financial losses.

The first and easiest clue to a phishing attack is the URL, which was masked by some of the screenshots used in this quiz. What lost me the three points was not carefully reading the text for errors in grammar or inconsistencies in how the page refers to the same things. McAfee also published some tips and stats that are worth perusing.

Quizzes are not the only way this information is being disseminated. A while ago, we blogged about Security Cartoon, a site using cartoons to help consumers avoid becoming victims of online fraud. Aldon Hynes, a veteran activist techie, mentioned PhishTank in a post today.

PhishTank is a clearinghouse for phishing URLs, where you can post links and have them checked out against the collective intelligence of the masses. It is the same basic model, albeit more manual, that Akismet offers for spam protection in blog and forum comments. There is also an API developers can use to leverage this resource to make their own systems more secure.

Designers can help educate people in these areas by not only visiting sites like these to educate themselves, but in better understanding the cues people need to differentiate scams from legitimate business. One of the keys to battling phishing is education, but better design can be an effective weapon, too.

By Kevin Makice

A Ph.D. student in informatics at Indiana University, Kevin is rich in spirit. He wrestles and reads with his kids, does a hilarious Christian Slater imitation and lights up his wife's days. He thinks deeply about many things, including but not limited to basketball, politics, microblogging, parenting, online communities, complex systems and design theory. He didn't, however, think up this profile.