Plugging the “Phishing” Hole: Legislation Versus Technology

This iBrief analyzes the Anti-Phishing Act of 2005, legislation aimed at curbing the problem of phishing. Phishing is the sending of fraudulent emails which appear to be from legitimate businesses and thereby fooling the recipients into divulging personal information such as credit card numbers. While this legislation may provide some assistance in the fight against phishing, it is limited by the global nature of the Internet and the ease with which phishers can hide and avoid judgments. This iBrief therefore concludes that although the Anti-Phishing Act can play a supporting role in the battle, technological solutions are the most effective means of reducing or eliminating phishing attacks

Plugging the “Phishing” Hole: Legislation Versus Technology

This iBrief analyzes the Anti-Phishing Act of 2005, legislation aimed at curbing the problem of phishing. Phishing is the sending of fraudulent emails which appear to be from legitimate businesses and thereby fooling the recipients into divulging personal information such as credit card numbers. While this legislation may provide some assistance in the fight against phishing, it is limited by the global nature of the Internet and the ease with which phishers can hide and avoid judgments. This iBrief therefore concludes that although the Anti-Phishing Act can play a supporting role in the battle, technological solutions are the most effective means of reducing or eliminating phishing attacks

Two-Factor Authentication for Online Banking Applications

Online banking: Features and risks; Phishing demo; DNS cache poisoning demo • FFIEC Guidance Overview • Authentication methods; Two-factor authentication; Options for online banking • Is two-factor authentication the correct approach? --Overvie

Investigation of Attitudes Towards Security Behaviors

Cybersecurity attacks have increased as Internet technology has proliferated. Symantec’s 2013 Internet Security Report stated that two out of the top three causes of data breaches in 2012 were attributable to human error (Pelgrin, 2014). This suggests a need to educate end users so that they engage in behaviors that increase their cybersecurity. This study researched how a user’s knowledge affects their engagement in security behaviors. Security behaviors were operationalized into two categories: cyber hygiene and threat response behaviors. A sample of 194 San José State University students were recruited to participate in an observational study. Students completed a card sort, a semantic knowledge quiz, and a survey of their intention to perform security behaviors. A personality inventory was included to see if there would be any effects of personality on security behaviors. Multiple regression was used to see how card sorting and semantic knowledge quiz scores predicted security behaviors, but the results were not significant. Despite this, there was a correlation between cyber hygiene behaviors and threat response behaviors, as well as the Big Five personality traits. The results showed that many of the Big Five personality traits correlated with each other, which is consistent with other studies’ findings. The only personality trait that had a correlation with one of the knowledge measures was neuroticism, in which neuroticism had a negative correlation with the semantic knowledge quiz. Implications for future research are discussed to understand how knowledge, cyber hygiene behaviors, and threat response behaviors relate