Ethics and Phishing Experiments

Title: Ethics and Phishing Experiments
Publication Type: Journal Article
Year of Publication: 2018
Authors: Resnik, DB, Finn, PR
Journal: Science and Engineering Ethics
Date Published: 2018
Publication Language: eng
ISBN Number: 13533452
Keywords: computer, cybersecurity, debriefing, Deception, ethics, Human, Informed, Internet, phishing
Abstract: Phishing is a fraudulent form of email that solicits personal or financial information from the recipient, such as a password, username, or social security or bank account number. The scammer may use the illicitly obtained information to steal the victim's money or identity or sell the information to another party. The direct costs of phishing on consumers are exceptionally high and have risen substantially over the past 12 years. Phishing experiments that simulate real world conditions can provide cybersecurity experts with valuable knowledge they can use to develop effective countermeasures and prevent people from being duped by phishing emails. Although these experiments contravene widely accepted informed consent requirements and involve deception, we argue that they can be conducted ethically if risks are minimized, confidentiality and privacy are protected, potential participants have an opportunity to opt out of the research before it begins, and human subjects are debriefed after their participation ends.
Notes: Resnik, David B. 1 Finn, Peter R. 2; Affiliation: 1: National Institute of Environmental Health Sciences (NIEHS), National Institutes of Health (NIH), 111 Alexander Drive, 27709, Research Triangle Park, NC, USA 2: Department of Psychological and Brain Sciences, Indiana University at Bloomington, Bloomington, IN, USA; Source Info: Aug2018, Vol. 24 Issue 4, p1241; Subject Term: PHISHING; Subject Term: COMPUTER security ethics; Subject Term: HUMAN experimentation; Subject Term: INTERNET privacy; Subject Term: DECEPTION; Subject Term: INFORMED consent (Law); Author-Supplied Keyword: Cybersecurity; Author-Supplied Keyword: Debriefing; Author-Supplied Keyword: Deception; Author-Supplied Keyword: Ethics; Author-Supplied Keyword: Human experimentation; Author-Supplied Keyword: Informed consent; Author-Supplied Keyword: Phishing; Number of Pages: 12p; Document Type: Article; Full Text Word Count: 5920