State Department deploys computer game to combat phishing

Oct. 28, 2009 at 5:18 PM
share with facebook
share with twitter
Sign up for our Security newsletter

WASHINGTON, Oct. 28 (UPI) -- State Department employees are being encouraged to play a computer game to familiarize themselves with the global threat posed by phishing, an increasingly sophisticated form of identity fraud that can entice unsuspecting computer users into divulging sensitive personal information.

The game, called Phil by Pittsburgh-based developer Wombat Security Technologies, is designed especially to train employees of security-conscious organizations to be aware of the devious and sublime methods used by fraudsters to persuade computer users to reveal information they use for logging into secure government sites, financial domains and other sensitive Internet locations.

Most of these domains are usually considered off limits to unauthorized computer users.

Wombat said Phil, the training game, will be made available worldwide to all 55,000 employees of the U.S. Department of State.

Phishing is a broad term used to describe a range of techniques used by fraudsters to hoodwink computer users who may be in a position of influence or power, or have wealth the phishers have their eyes on.

A typical phishing e-mail is disguised as an official message from a fictional bank or organization. The sender attempts to trick the recipient into revealing confidential information by "confirming" it at a Web site purporting to be the genuine article but usually a fake one set up by the phisher.

Although anti-phishing campaigners warn potential victims to look out for spelling errors and grammatical mistakes, security sources say that phishing now is far too sophisticated for that kind of tell-tale notion of fraud.

Even the prospect of catching a phisher through a suspicious Web site address has been dealt with by fraudsters that can replicate the Uniform Resource Locator of a genuine Web site.

Although phishing began as an e-mail scam, it has now spread to instant messaging and other media, including social networking Web sites and devices such as phones and mini-computers, security sources said.

Phil is an engaging training game packed with fun that was originally developed at Carnegie Mellon University, Pittsburgh, and is now commercialized by Wombat. The game has been shown to be significantly more effective at training people to recognize phishing attacks than more traditional training solutions used in the computer security industry, Wombat said.

The company cited a rise in phishing attacks over the past several years and the ability of the attackers to defeat anti-spam software and other security measures.

"We are honored to add the U.S. Department of State to our rapidly growing list of customers," said Norman Sadeh, founder and CEO of Wombat Security Technologies. "With the continuing increase in sophistication of phishing attacks, it is critical for government organizations as well as private sector organizations to turn to more effective ways of training their workforce."

Wombat Security Technologies says it is a global leader in cybersecurity awareness and training.

Related UPI Stories
Trending Stories