This is a sweet little game that teaches people how to recognize “phishing” scams.
Carnegie Mellon University computer scientists have developed Anti-Phishing Phil, an online fishing game that teaches people how to recognize and avoid email “phishing” attempts and other Internet scams. During testing at the Carnegie Mellon Usable Privacy and Security (CUPS) Laboratory, people who spent 15 minutes playing the game were better able to spot fraudulent Web sites than people who spent 15 minutes reading anti-phishing tutorials and educational material.
The lab is now testing the game on the general public through its Web site. Participants are asked to take a short quiz, play the game, and then take another quiz. “We believe education is essential if people are to avoid being ripped off by these phishing attacks and similar online scams,” says CUPS Lab director and associate research professor in the School of Computer Science’s Institute for Software Research Lorrie Cranor.
“Unlike viruses or spyware, phishing attacks don’t exploit weaknesses in a computer’s hardware or software, but take advantage of the way people use their computers and their often limited knowledge of the way computers work.” The game managed to improve users’ accuracy in spotting dangerous Web sites from 69 percent to 87 percent. “We designed the game to teach people how to use Web addresses, or URLs, to identify phishing Web sites,” says Ph.D. student and lead developer of Anti-Phishing Phil Steve Sheng.