http://www.metafilter.com/75852/Phishing-in-Plain-English/ Comments on MetaFilter post Phishing in Plain English Tue, 21 Oct 2008 23:50:06 -0800 Tue, 21 Oct 2008 23:50:06 -0800 en-us http://blogs.law.harvard.edu/tech/rss 60 http://www.metafilter.com/75852/Phishing-in-Plain-English <a href="http://www.commoncraft.com/phishing">The latest paper-based video from the folks at Common Craft.</a> This video explains the ins and outs of phishing scams. Show it to your less web-savvy brethren. post:www.metafilter.com,2008:site.75852 Tue, 21 Oct 2008 22:13:51 -0800 dbarefoot phishing security commoncraft email http://www.metafilter.com/75852/Phishing-in-Plain-English#2307966 Very nice work. They should do a video on everything a new internet user should know (instead of explaining twitter or rss (which they did a great job of), explain how bcc and cc work in email, and how to properly quote and trim replies and HOW TO CHANGE YOUR FONT SIZE SO YOU CAN READ IT). comment:www.metafilter.com,2008:site.75852-2307966 Tue, 21 Oct 2008 23:50:06 -0800 mathowie http://www.metafilter.com/75852/Phishing-in-Plain-English#2308052 Thanks for posting this - have sent it on to my mum and other family :) comment:www.metafilter.com,2008:site.75852-2308052 Wed, 22 Oct 2008 03:25:35 -0800 harriet vane http://www.metafilter.com/75852/Phishing-in-Plain-English#2308057 HI I M from Nigeria your video like very much I lern English an how too phish all at same time thank u comment:www.metafilter.com,2008:site.75852-2308057 Wed, 22 Oct 2008 03:34:38 -0800 mannequito http://www.metafilter.com/75852/Phishing-in-Plain-English#2308128 ..but give a man a phishing site and you feed him for a lifetime. When people aren't sure about a site, if they are going to go ahead and enter some information, I wish they'd get in the habit of entering a bogus username and password first. The phishing sites don't have your details to check against. comment:www.metafilter.com,2008:site.75852-2308128 Wed, 22 Oct 2008 05:11:05 -0800 mandal http://www.metafilter.com/75852/Phishing-in-Plain-English#2309026 I like this video, though one concern I have is that, based on our research at Carnegie Mellon University, raising awareness about phishing is not sufficient, and tends to lead to more paranoia rather than actual ability to protect oneself. Videos like this are a good first step, but not sufficient. One item of interest previously mentioned on MeFi: we've done a large field trial of several thousands of people with our game <a href="http://cups.cs.cmu.edu/antiphishing_phil/">Anti-Phishing Phil</a>, showing that after playing our game, people are better at detecting phish correctly while not incorrectly thinking real sites are fake. We've also been working with the Anti-Phishing Working Group in developing better training materials. You might be seeing this <a href="http://education.apwg.org/r/en/index.html">landing page</a> for phishing sites that have been taken down. We also have a lot of cartoons for teaching people about phishing available at <a href="http://phishguru.org/">phishguru.org</a>. (Some context and discloures: I'm a professor at Carnegie Mellon University working on anti-phishing training and anti-phishing filters for email and web. I'm also a co-founder of <a href="http://wombatsecurity.com/">Wombat Security Technologies</a>, a startup to commercialize our work). comment:www.metafilter.com,2008:site.75852-2309026 Wed, 22 Oct 2008 12:55:58 -0800 jasonhong