Lab & Discussion Questions
Complete at least three of the following:
- Play at least two games of Anti-Phishing Phil at http://wombatsecurity.com/antiphishingphil. Create a “blacklist” of the phishing Web site addresses you encountered, and a “whitelist” of the legitimate Web sites. (Hint: see the section on Anti-phishing Technologies.) Describe how the Anti-Phishing Phil experience has helped you to better recognize phishing Web sites. What are your likes and dislikes about the game? Are there any suggestions you would like to offer to improve it? If so, explain.
- Visit the PhishGuru Web site, http://phishguru.org/, and download at least two additional messages. What is PhishGuru? What new anti-phishing advice were you offered from these messages? Create your own message that would be displayed whenever a user mistakenly opens a phishing e-mail.
- Take the “SonicWall Phishing and Spam IQ Test” a couple of times (http://www.sonicwall.com/phishing/). What was your maximum score? Look at the test result sheet, and give the name that appears in the “Subject” column for three of the questions. For each of the subjects, click on the “Why?” link that appears under the “Explain Answer Column.” The e-mail you viewed for that question should re-appear—this time with explanations. Copy one of the given explanations for each of the e-mails.
- In recent years, a more insidious form of phishing, known as spear phishing, has taken root. Spear phishing is customized to a particular user. It often addresses the recipient directly (by name) and may include other personal information about the user. Provide a recent example of spear phishing and discuss the peculiarities of the e-mail that make it a suspected phish. Your example could be taken from an e-mail you or someone you know received, from a handout from your instructor, or from a recent newspaper or Web article.
- Pharming is yet another recent form of phishing, which automatically redirects the user to a fake Web site, with no clicking required. Give a recent example of pharming and discuss the peculiarities of the e-mail that make it a suspected phish. Again, your example could be taken from an e-mail you or someone you know received, a handout from your instructor, or from a recent newspaper or Web article.
Discussion Questions
- Which deviance theory could best describe phishers?
- Is phishing identified by most people as a social taboo?
- What are the societal costs of phishing?