
Designing ethical phishing experiments

2 Author(s)
Finn, P. ; Dept. of Psychol. & Brain Sci., Indiana Univ., Bloomington, IN ; Jakobsson, M.

While fraud has been part of human society for as long as we know, the automated type of fraud that is known as phishing is a relatively recent phenomenon. It is becoming clear to society that phishing is a problem of quite catastrophic dimensions. Phishing is a multifaceted techno-social problem for which there is no known single silver bullet. As a result of these insights, an increasing number of researchers and practitioners are attempting to quantify risks and degrees of vulnerabilities in order to understand where to focus protective measures. When academic researchers plan phishing studies, they are faced with the reality that such studies must not only be conducted in an ethical manner, but they also must be reviewed and approved by their Institutional Review Board (IRB). This article provides an overview of the review process used by IRBs and an outline of the section of the federal regulations, 45 CFR 46, 116(d)(14), that provides the circumstances where aspects of the informed consent process can be waived. Moreover, it contains a discussion of the controversial ethical issues inherent in phishing studies that request a waiver of aspects of the informed consent requirement. Finally, this paper outlines the process of designing and analyzing phishing experiments in an ethical manner, and in accordance with the principles and regulations guiding IRBs.

Published in:

Technology and Society Magazine, IEEE (Volume: 26, Issue: 1)