Reaching Others University at Buffalo - The State University of New York
Skip to Content
UB Reporter

Research News

NSF grant to fund phishing research

By PATRICIA DONOVAN

Published October 25, 2013

Arun Vishwanath
“We all are vulnerable and through us, so are government and commercial institutions, including security agencies and news sources.”
Arun Vishwanath, associate professor
Department of Communication

Arun Vishwanath, associate professor in the Department of Communication, has received a three-year, $320,000 grant from the National Science Foundation to launch a research project to learn just how people fall victim to cyber-phishing attacks and what tools can be used to protect them.

His partner in the study is H. Raghav Rao, SUNY Distinguished Service Professor in the Department of Management Science and Systems, School of Management, where Vishwanath is an adjunct associate professor. The two will partner with other organizations, including the National Consumer League, in conducting the study.

Phishing is the familiar scam in which Internet fraudsters send spam or pop-up messages aimed at drawing personal and financial information from unsuspecting victims. Once they acquire personal information, phishers can sometimes get into the victim’s other online personal and business accounts as well.

Vishwanath, an expert in consumer behavior and information processing, says research like this is necessary and important because, at its core, every recent major cyber attack has involved a phishing scam. Phishing makes important private information available to hackers, which in turn can be used to facilitate those attacks.

“Phishing has become the attack vector of choice among cyber criminals and their incidence has gone up significantly,” he says. “We all are vulnerable and through us, so are government and commercial institutions, including security agencies and news sources.  

“Such attacks are on the rise,” Vishwanath says, “and are more successful than people realize.”

He cites such examples as the April attack on the AP Twitter feed that resulted in it disseminating “news” of a White House bombing in which the president was injured. Another example, he says, was the August takedown of The New York Times website by the pro-Assad “Syrian Electronic Army.”  

“Besides these,” he says, “a host of recent attacks on other news outlets, such as The Washington Post, The Wall Street Journal, The New York Times, CBS, BBC and NPR, have all been attributed to phishing attacks.”

Vishwanath’s recent research employed an integrated information-processing model to test individual differences in vulnerability to phishing.

“This project,” he says, “will evaluate the relative efficacy of this model in helping us understand how to stop such attacks from victimizing people and the relative effectiveness of using anti-phishing toolbars and phishing-awareness training to protect the public.”