by Mike Masnick
Mon, Jul 23rd 2007 8:34am
Lots of people are trying to research phishing scams in order to better understand them and come up with better ways to protect against them, but some folks are apparently a bit upset at research coming out of Indiana University that involved actually phishing a variety of people to con important information out of them in order to understand what kind of phishing scams work. The researchers and the university are defending the practice, saying they learned a lot from it, and it's legal to be deceptive for the purpose of research so long as the deception is no different than what a person might come across normally and the risk to the person is minimal. Still, if any of the information is eventually misused or gets leaked, it certainly could create some problems for the university (and universities are no stranger to leaking data). The university still claims that this kind of research is key to preventing phishing... but oddly, the article seems to highlight what works for phishing scams, rather than what works to stop phishing scams. So, right now, the research seems to be telling scammers how to be more effective scammers, rather than coming up with ways to stop phishing.
If you liked this post, you may also be interested in...
- DMCA Process Abused To Nuke Post About Researcher Who Faked Data On Federally-Funded Study
- Do You Have Examples Of Constructive Responses To Hateful/Abusive/Trollish Speech Online?
- Researchers Find Vulnerability That Enables Accounting Fraud, PwC Decides The Best Response Is A Legal Threat
- Only Thing 'Exposed' By Bad Reporting About Russia/Trump Link Is Malware Researchers' Unethical Behavior
- FCC: Comcast Routinely Charges Customers For Hardware, Services Never Ordered