Uno-phish-al Emails can Reel you in!

A science fair project by Aiden LaFrance
Grade 8, Dudley Middle School, Dudley MA


Greetings, I’m Aiden T. LaFrance, and I’m taking part in the district science fair of Dudley MA. I wanted my project to be computer-based, due to my appreciation of technology. Once I saw the phishing emails piling up in my ‘Spam’ folder, I knew I wanted my project to revolve around that. With my previous knowledge of phishing along with a lot of research, I knew phishing was a very large security threat, and I knew this threat was present. Wanting to inform others of the dangers (and ultimately protect them), I developed the question of, “How many people can depict a phishing email from a real one?”

The completed TriFold prepared for the Science Fair

Let’s begin with the Research.

What is Phishing, and How do you get Hooked?

Phishing is a virtual scam designed to pressure you into giving out personal or confidential corporate information. Unfortunately, not all phishing emails jump out at you when you see them. Many are cleverly designed to trick you into thinking they’re real, but there’s a way to spot them.

Phishing emails will always have red flags that set them apart from real emails, like:

  • Unfamiliar Sending Addresses
  • Typos or Grammatical Errors
  • A Sense of Urgency
  • Fake / Look-Alike URL Links
  • Out-of-Date Web Pages
  • Missing Website Certificates
  • Non-HTTPS Links

If you ever find yourself suspicious of an email, thoroughly look for red flags. Being cautious never hurts, but losing your data does.
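As an added example (not part of the original project), here is a small Python checker that looks for four of the red flags listed above: an unfamiliar sending address, a sense of urgency, non-HTTPS links, and look-alike URLs. The trusted domain, the urgency phrases, and the sample message are assumptions made up for this illustration; typos, out-of-date pages, and missing certificates still need a human look.

```python
import difflib
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed values for this example: a domain the reader really deals with
# and a few pressure phrases. Tune both for real use.
TRUSTED = {"examplebank.com"}
URGENT = ("immediately", "urgent", "within 24 hours", "account will be suspended")

def lookalike(host, trusted=TRUSTED):
    """Return the trusted domain that `host` imitates, or None."""
    if any(host == t or host.endswith("." + t) for t in trusted):
        return None  # the real domain or one of its subdomains
    for good in trusted:
        close = difflib.SequenceMatcher(None, host, good).ratio() >= 0.85
        if close or good.split(".")[0] in host:
            return good  # near-miss spelling, or trusted name inside another domain
    return None

def red_flags(raw):
    """List the red flags found in a raw email with a plain-text body."""
    msg = message_from_string(raw)
    flags = []
    sender = parseaddr(msg.get("From", ""))[1]
    domain = sender.rpartition("@")[2].lower()
    if not any(domain == t or domain.endswith("." + t) for t in TRUSTED):
        flags.append(f"unfamiliar sending address: {sender}")
    body = msg.get_payload()
    text = (msg.get("Subject", "") + " " + body).lower()
    hits = [p for p in URGENT if p in text]
    if hits:
        flags.append(f"sense of urgency: {hits}")
    for url in re.findall(r"https?://[^\s<>\"']+", body):
        parts = urlparse(url)
        host = parts.hostname or ""
        if parts.scheme == "http":
            flags.append(f"non-HTTPS link: {url}")
        if imitated := lookalike(host):
            flags.append(f"look-alike URL: {host} imitates {imitated}")
    return flags

# Constructed sample message, not a real email.
SAMPLE = """From: Example Bank <security@examp1ebank.com>
Subject: Urgent: verify your account

Your account will be suspended unless you act immediately: http://examp1ebank.com/login
"""
```

Calling `red_flags(SAMPLE)` returns one entry per red flag found; a message from the trusted domain with an HTTPS link and no pressure wording returns an empty list.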


What do Hackers do with the Data?

The types of data phishing scams go after are bank details, online credentials, device control, W2 or W9 forms, and confidential files, but all these scams have one general goal: Money. Once they have acquired data from a phishing victim, hackers go through a step-by-step series of tasks:

1.  Inventory the Data
Hackers will look through the stolen data files for authentication credentials, personal information, and financial/credit card information.

2.  Sell the Personal Information
Hackers package up personal information (names, addresses, phone numbers, email addresses) and sell them, typically in bulk. These are more valuable the more recent they are.

3.  Look for the Good Stuff
Hackers will inventory the authentication credentials and look for potentially lucrative accounts. Since people often re-use their passwords, hackers can often use credentials for military or corporate accounts to target other companies.

4. Offload the Credit Cards
First, they use stolen credit cards to buy gift cards. They then use those cards to buy high-value goods. This process makes it difficult for authorities to trace them. They then sell the electronics through legitimate channels (eBay, Amazon), or to avoid risk, they can sell the goods through a hidden underground “deep web” site.

Once Stolen, What Do Hackers Do With Your Data? (2017, May 18). Retrieved February 16, 2019, from https://www.secplicity.org/2017/05/18/stolen-hackers-data/


What if you get Hooked?

If you do fall victim to a phishing scam, follow these steps:

  • Get Offline
    If you downloaded a file, disconnect from WiFi immediately.
  • Change Your Passwords
    Log in to the real site and change your password.
  • Contact the Organization that was Spoofed
    Report to the company that was copied, and follow the steps to safeguard your account.
  • Scan your Computer for Viruses
  • File a Report with the FTC
    If you see signs of identity theft, report it to the Federal Trade Commission.
  • Protect Yourself Against Future Phishing Schemes
    Review all emails, links, and attachments before opening.

For more details, check out this MentalFloss article.


Now it’s time to test my Question:

“How many people can depict a Phishing email from a Real one?”

My Hypothesis

I hypothesized that the average score of all subjects would be in the lower regions of around 60%. Due to the younger generation’s knowledge of technology, it was believed that the average score of subjects 12-29 years old would be higher than the average score of subjects 30-50+ years old.


The Data Collection Process

In order to test my hypothesis, I created an 11 question survey using Google Forms to harvest my data. The survey starts with a 60 second video explaining the very basics of phishing. The video didn’t go in-depth with anything, but was a simple reminder of phishing tactics, so the subject’s answers would be based on their existing knowledge of phishing scams.

I also collected the age range of the survey-taker. This allows me to group data based on generation. This also allows me to see which generation is more vulnerable to phishing scams.

I gathered a staggering 156 responses on my survey, which was great for accurate data. I created a graph displaying each generation’s average score on the survey.

Graph of Averages


My Conclusion

After review of the data, my hypothesis was deemed incorrect, as the average of all survey-takers was at approximately 72%, not 60%. I was also incorrect in that the younger generation’s score was lower than the older generation’s score. Averages actually increased with age, until the oldest generation’s score dropped off.

 

If you have any questions about this project (or maybe the meaning of life), email me at aidentylerlafrance@gmail.com
