Phishing is a method used by criminals to harm you in multiple ways. The scammers use so-called phishing e-mails including harmful links. A reliable way to identify phishing e-mails is to check the link, and the associated website address (URL) before you actually click on the link.
NoPhish is an educational training to identify messages with harmful links (also known as phishing). The training teaches how hackers operate and the identification of harmful links, which will be further deepened with appropriate exercises. The materials for NoPhish include posters, apps, and a video. The video was created in cooperation with Alexander Lehmann. The material was evaluated in user-centered studies and different contexts which lead to continiuous improvement of those materials. NoPhish started as a mere concept, which eventually became an educational training as part of the KMU-AWARE project.
It is best to start with the 5 minutes video and using the app afterward to consolidate the new knowledge. The app can also be used to teach the basics and the video as a short refresher after some time.
- Phishing Detection: Developing and Evaluating a Five Minutes Security Awareness Video: Melanie Volkamer, Karen Renaud, Benjamin Reinheimer, Philipp Rack, Marco Ghiglieri, Peter Mayer, Alexandra Kunz, Nina Gerber. In: Proceedings of the 15th International Conference on Trust, Privacy and Security in Digital Business (TrustBus), 2018.
- NoPhish: Evaluation of a web application that teaches people being aware of phishing attacks: Alexandra Kunz, Melanie Volkamer, Simon Stockhardt, Sven Palberg, Tessa Lottermann, Eric Piegert. In: Lecture Notes in Informatics (LNI), 2016.
- Über die Wirksamkeit von Anti-Phishing-Training: Simon Stockhardt, Benjamin Reinheimer, Melanie Volkamer. In: Usable Security and Privacy Workshop in conjunction with Mensch und Computer 2015, 2015.
- Teaching Phishing-Security: Which Way is Best?: Simon Stockhardt, Benjamin Reinheimer, Melanie Volkamer, Peter Mayer, Alexandra Kunz, Philipp Rack and Daniel Lehmann. In: 31st International Conference on ICT Systems Security and Privacy Protection - IFIP SEC 2016.
- Learn To Spot Phishing URLs with the Android NoPhish App: Gamze Canova, Melanie Volkamer, Clemens Bergmann, Roland Borza, Benjamin Reinheimer, Simon Stockhardt, Ralf Tenberg. In: IFIP Advances in Information and Communication Technology, World Conference on Information Security Education this summer in conjunction with IFIP SEC 2015, Springer, 2015.
- NoPhish App Evaluation: Lab and Retention Study: Gamze Canova, Melanie Volkamer, Clemens Bergmann and Benjamin Reinheimer. In: Internet Society: NDSS Workshop on Usable Security 2015, February 2015.
- NoPhish: An Anti-Phishing Education App: Gamze Canova, Melanie Volkamer, Clemens Bergmann, Roland Borza. In: 10th International Workshop on Security and Trust Management in conjunction with ESORICS 2014, 2014.
<kes>, Android-News, ZwischenSeiten, lex-blog, Funkkolleg-Sicherheit, TURN ON, Polizei Hessen, <kes>, Deutschlandfunk, TÜV Rheinlandpfalz, Lehrerrundmail, mimikama.at (Österreich), App der Woche, Facebook Links des BSI, Facebook Links des Fraunhofer SIT, Online PC (Schweiz), Darmstädter Echo, Learnabit, BSI für Bürger, Sparkasse Darmstadt, Netzwerke der LOEWE-Forschung
These tools can help you applying the newly learned knowledge by helping to identify and judging links:
- TORPEDO - This Add-On for Thunderbird helps you to identify harmful links in e-mails.
- QR-Code Scanner App - The Android-App can be used to scan and open QR-codes. The App will block an immediate opening of a website if an URL is attached to the QR-code. The URL will be displayed to the user, which enables an inspection before entering the webpage.
References - who is using NoPhish already?
Independent institutions use NoPhish, were part of the evaluation or recommend the materials and tools on their website: