Training and education concept for the detection of phishing and other dangerous messages
Internet fraudsters use various strategies to harm you and/or your company. A popular and widely used method is to send you messages containing fraudulent content. These messages can be dangerous in different ways: they may ask you to make bank transfers or (paid) calls, or they may contain dangerous links and/or dangerous attachments. They can be sent as email but also via any other form of messaging. Emails with dangerous links are often called phishing emails.
"I am particularly grateful to the SECUSO research group at KIT in Karlsruhe, because they provide very good awareness materials for protecting yourself against fraudsters on the Internet." (Arne Schönbohm, President of the BSI)
What is our concept about?
We have developed this training and self-training concept to help you better understand the attack model 'fraudulent messages' and learn how to protect yourself. It is roughly structured as follows:
- Introduction to the topic
- Detection of implausible, fraudulent messages
- Detection of dangerous links (including finding the URL behind the link, structure of the URL and tricks of the attackers)
- Detection of messages with dangerous attachments (including finding the format of the file, list of particularly dangerous file formats and tricks of the attackers)
The development of the NoPhish concept was started at TU Darmstadt. This happened within the project KMU Aware, funded by the Bundesministerium für Wirtschaft und Energie in the context of Initiative IT-Sicherheit in der Wirtschaft as well as the CRISP project funded by the Bundesministerium für Bildung und Forschung. The concept in turn has built on research work around the NoPhish App. The various measures as well as the concept are still being evaluated and further developed on the basis of the results. In addition, new measures are being developed. Currently, research around the NoPhish concept is financed by the BMBF within the framework of KASTEL.
How was the concept implemented?
(Currently not all the material is available in English, but we are working to provide more English translations.)
The NoPhish concept was implemented in different measures. These differ in their level of detail. Further information on the application can be found here (German only).
- Info card - with the most important rules for detecting fraudulent messages, in pocket-size format.
- Poster - with the most important rules for detecting fraudulent messages to hang in the office or central locations.
- Challenge Poster (German only) - with different forms of (fraudulent) messages and the question: Is this message trustworthy? With the help of a QR code you can answer this question, and you will be taken to a page with the solution and other tips for detecting fraudulent messages.
- Video - with a general introduction to the topic, the most important rules and descriptive examples in 5 minutes. The video was developed together with Alexander Lehmann. There are currently 3 different versions of this video on YouTube. On the SECUSO channel as well as on Alexander Lehmann's channel you can find old versions of the video. The new version, which was improved based on evaluation results, can be found on the YouTube channel of the KIT.
- Flyer - with a general introduction to the topic and the most important rules, with descriptive examples.
- Training and self-training material - everything around the topic of fraudulent messages, with many examples and further information. Whether for self-study or as a starting point for disseminating knowledge, e.g. through lectures in your own company, our training documents offer the ideal basis. These documents also contain exercises. Parts of these documents and exercises have been incorporated into an Android app.
- Quiz (German only) - Self-test on detecting fraudulent messages.
- If you are interested in using our materials in your own company / organization, please contact contact∂secuso.org so that we can clarify the general conditions.
- Most of the recommendations are not absolute as the internet is very complex. Therefore, in this unit you will often read terms such as 'likely', 'very likely', 'potentially possible'. The recommendations should serve as a solid decision-making aid to identify fraudulent messages.
- The (potentially) fraudulent messages used are either taken directly from fraudulent messages that were in circulation or based on these messages.
- The dangerous web addresses used serve only as examples. In individual cases, however, the domains used may have been registered by the imitated company itself in order to prevent fraud attempts, or by individuals or companies who have no fraudulent intent whatsoever.
- An investigation of phishing awareness and education over time: When and how to best remind users: Reinheimer, B. M.; Aldag, L.; Mayer, P.; Mossano, M.; Düzgün, R.; Lofthouse, B.; von Landesberger, T.; Volkamer, M. 2020. Proceedings of the Sixteenth Symposium on Usable Privacy and Security (SOUPS), 259–284, USENIX Association
- Erklärvideo “Online-Betrug” – Nach nur fünf Minuten Phishing E-Mails nachweislich signifikant besser erkennen: Volkamer, M.; Renaud, K.; Reinheimer, B.; Rack, P.; Ghiglieri, M.; Gerber, N.; Mayer, P.; Kunz, A. 2019. IT-Sicherheit als Voraussetzung für eine erfolgreiche Digitalisierung: Tagungsband zum 16. Deutschen IT-Sicherheitskongress, 307–318, SecuMedia Verlag, Gau-Algesheim
- Phishing Detection: Developing and Evaluating a Five Minutes Security Awareness Video: Volkamer, M.; Renaud, K.; Reinheimer, B. M.; Rack, P.; Ghiglieri, M.; Mayer, P.; Kunz, A.; Gerber, N. 2018. Trust, Privacy and Security in Digital Business - 15th International Conference (TrustBus), Regensburg, Germany, September 5–6, 2018. Ed.: S. Furnell, 119–134, Springer, Cham
- Don't be Deceived: The Message Might be Fake: Neumann, S.; Reinheimer, B.; Volkamer, M. 2017. Trust, Privacy and Security in Digital Business - 14th International Conference (TrustBus), Lyon, France, August 30-31, 2017, 199–214, Springer, Cham.
- NoPhish: Evaluation of a web application that teaches people being aware of phishing attacks: Kunz, A.; Volkamer, M.; Stockhardt, S.; Palberg, S.; Lottermann, T.; Piegert, E. 2016. 46. Jahrestagung der Gesellschaft für Informatik - 46th Annual Meeting of the German Informatics Society, INFORMATIK 2016, Klagenfurt, Austria, 26th - 30th September 2016, 509–518, Gesellschaft für Informatik, Bonn
- Über die Wirksamkeit von Anti-Phishing-Training: Stockhardt, S.; Reinheimer, B.; Volkamer, M. 2015. Mensch und Computer 2015 Workshopband. Ed. A. Weisbecker, 647–655, Oldenbourg Wissenschaftsverlag, Stuttgart
- Teaching Phishing-Security: Which Way is Best?: Stockhardt, S.; Reinheimer, B.; Volkamer, M.; Mayer, P.; Kunz, A.; Rack, P.; Lehmann, D. 2016. 31st International Conference on ICT Systems Security and Privacy Protection - IFIP SEC 2016, Ghent, Belgium, May 30th - June 1st, 2016, 135–149, Springer, Cham.
- Learn To Spot Phishing URLs with the Android NoPhish App: Canova, G.; Volkamer, M.; Bergmann, C.; Borza, R.; Reinheimer, B.; Stockhardt, S.; Tenberg, R. 2015. Information Security Education Across the Curriculum (IFIP): 9th IFIP WG 11.8 World Conference, WISE 9, Hamburg, Germany, May 26-28, 2015: Proceedings, 87–100, Springer, Cham.
- NoPhish App Evaluation: Lab and Retention Study: Canova, G.; Volkamer, M.; Bergmann, C.; Reinheimer, B. 2015. NDSS Workshop on Usable Security (USEC), San Diego, California, February 8-11, 2015, 10 S., Internet Society, Reston, VA
- NoPhish: An Anti-Phishing Education App: Canova, G.; Volkamer, M.; Bergmann, C.; Borza, R. 2014. 13th International Workshop, STM 2017, Oslo, Norway, September 14–15, 2017: Proceedings. Ed.: Giovanni Livraga, Chris Mitchell, 188–192, Springer International Publishing, Cham.
There are tools that help you review links more easily:
- TORPEDO - Extension to the Thunderbird email client that helps you to identify dangerous links in emails.
- QR-Code Scanner App - Android app that allows you to scan QR codes with your smartphone. If the QR code contains a URL, the website is not opened directly; instead, the URL is shown to you first for review.
Current reference users and organizations that refer to our material
- Karlsruher Institut für Technologie
- Berliner Verkehrsbetriebe
- Amt für Gemeindedienst in der Evang.-Luth. Kirche in Bayern
- ASAP Holding GmbH
- MARKANT Deutschland
- Könitz Porzellan GmbH
- Lemo Maschinenbau GmbH
- AVW Unternehmensgruppe
- Stadt Dessau-Roßlau
- Polizeipräsidium Einsatz in Baden-Württemberg
- Polizeipräsidium Südhessen
- Landesamt für Geoinformation und Landesvermessung Niedersachsen (LGLN)
- Artilleriebataillon 295 der Bundeswehr
- Eberhard Karls Universität Tübingen
- MARKANT Handels- und Industriewaren-Vermittlungs AG
- Stadt Hamm
- Ruhr-Universität Bochum
- Informations- und Mediendienste (ZIM) der Universität Duisburg-Essen
- Hochschule Koblenz
- Universität Würzburg
- Technische Universität Braunschweig
- Hochschule Konstanz (HTWG)
- Fernuniversität Hagen
- Hochschule Worms
- Universität Bamberg
- Universität Mannheim
- Landkreis Marburg-Biedenkopf
- Bayern1 Radio
- Welivesecurity by ESET
- Stadtwerke Jena