PITTSBURGH, Oct. 3 (UPI) -- U.S. researchers have found that tricking people into visiting educational Web sites by phishing techniques teaches them to avoid phishing attempts.
Phishing is the act of tricking computer users into divulging confidential information that can be used in identity theft.
Phishing attacks have become a common method used to steal such personal information as bank account numbers and passwords. But Carnegie Mellon University Associate Professor Lorrie Cranor said phishing often is successful because people ignore materials that otherwise might help them recognize such frauds.
The researchers -- who said they fought "phire with phire" -- discovered when they sent their own spoof e-mail to users and tricked them into visiting an educational Web site, those people tended to learn and retain more of the lesson about how to spot phishing sites.
Ponnurangam Kumaraguru, a graduate student in the university's Institute for Software Research, will present the study results Friday in Pittsburgh during an "eCrime Researchers Summit" being presented by the university.
A paper describing the study by Cranor, Kumaraguru, Jason Hong, Alessandro Acquisti, Yong Rhee, Steve Sheng and Sharique Hasa is available at http://www.ecrimeresearch.org/2007/proceedings/p70_kumaraguru.pdf.