Wombat Security Awareness Training To Be Presented at Leading International Conferences

PITTSBURGH, PA July 14, 2009 – Wombat Security Technology’s Chief Scientist, Dr. Lorrie Cranor will deliver a keynote talk on the effectiveness of embedded training solutions when it comes to helping organizations boost their employees’ readiness in the fight against phishing scams. Phishing is a scam perpetrated by criminals, who use fake emails and web sites to impersonate legitimate organizations and trick people into sharing sensitive information. Dr. Cranor’s presentation will be delivered on July 17 in Mountain View, CA to the 6th Conference on Email and Anti-Spam. Additional details on these findings are also being presented this week as peer-reviewed paper presentations at CEAS and the Symposium On Usable Privacy and Security (SOUPS).

Dr. Cranor will report on PhishGuru, an embedded training system that teaches people how to protect themselves from phishing scams in the regular context of use of their email. This solution, which has been commercialized by Wombat, can be used in a training campaign where an organization sends simulated phishing emails to its employees. People who fall for these training emails are shown comic strips that teach them what the risks of phishing are and what steps to take to avoid falling for phishing scams in the future. PhishGuru’s effectiveness derives from the fact that it creates unique “teachable moments” that replicate the context in which users will be called upon to apply the training they receive. The benefits are significant increases in the ability of employees to recognize phishing attacks.

In the paper to be presented at SOUPS on Thursday, Dr. Cranor, Wombat CTO Dr. Jason Hong, and their Carnegie Mellon University (CMU) colleagues report on a field study of PhishGuru involving 515 university students, faculty, and staff. The research team sent a series of mock “spear” phishing emails to study participants, luring them with emails that appeared to come from university officials. Spear phishing is a particularly insidious form of phishing attacks that targets employees of a specific organization. The researchers found that participants who had been trained with PhishGuru were less than 50% as likely to fall for these insidious attacks as those who had not been trained.

In the paper to be presented at CEAS on Friday, Dr. Cranor and her colleagues report on data collected from a joint project with the Anti-Phishing Working Group (APWG), an industry association focused on eliminating the identity theft and fraud that result from the growing problem of phishing and email spoofing. As part of the APWG CMU Phishing Education Landing Page program, consumers who click on phishing emails are redirected to an educational website that uses a Wombat PhishGuru cartoon to teach them how to avoid falling for phishing attacks. During the first six months of the landing page program, approximately 70,000 Internet users were educated by the landing page. The researchers identified nearly 4,000 unique phishing URLs that had been redirected to the landing page during that period.

About Wombat Security Technologies

Wombat Security Technologies, headquartered in Pittsburgh, PA, was founded to commercialize products originally developed at Carnegie Mellon University as part of one of the largest anti-phishing research projects in the US. Wombat’s unique suite of anti-phishing training and filtering solutions offers organizations one of the most compelling ROI propositions in the marketplace today. Wombat’s products are easy to deploy and maintain and are used in sectors as diverse as finance, government, defense, telecom, health care, and education.

The SOUPS paper is available at http://cups.cs.cmu.edu/soups/2009/proceedings/a3-kumaraguru.pdf

The CEAS paper is available at http://www.ceas.cc/papers-2009/ceas2009-paper-37.pdf

Information about the AWPG CMU Phishing Education Landing Page Program is available at http://education.apwg.org/r/about.html

For additional details on Wombat Security Technologies: wombatsecurity.com

Media Contact: press@wombatsecurity.com