New Training Game Makes Anti-Phishing Education Fun and Effective - Center for Technology Transfer and Enterprise Creation - Carnegie Mellon University

Monday, May 10, 2010

New Training Game Makes Anti-Phishing Education Fun and Effective

Today, Wombat Security Technologies announced the release of Anti-Phishing Phyllis, a fun and effective training game to teach employees and customers how to spot fraudulent emails. Phyllis builds on the success of Wombat’s Anti-Phishing Phil game, which trains people to recognize fraudulent URLs. Wombat’s unique approach to cyber security training in the form of engaging games builds on learning science principles and has been featured in Scientific American for its novelty and effectiveness. With its training solutions now licensed for use by millions of users around the world, Wombat security has established itself as a global leader in the fight against online scams.

With Anti-Phishing Phyllis, we now have a complete line of products to help government and private sector organizations combat phishing attacks,” said Dr. Norman Sadeh, co-founder and CEO of Wombat Security Technologies. “With these attacks on the rise, Anti-Phishing Phil and Anti-Phishing Phyllis are training games that every employee and customer should play.”

In the Anti-Phishing Phyllis training game, users help a fun fish character named Phyllis teach her school of fish how to avoid phishing traps in fraudulent emails. Traps covered in the game include fake links, malicious attachments, cash prizes, “respond-to” emails asking for sensitive information and much more. Users are given a limited amount of time to analyze each email and spot traps. As they play the game, they are given feedback on the phishing traps they miss and learn to better protect themselves. The game comes with an extensive collection of randomized legitimate and fraudulent emails, so users can play the game multiple times without seeing the same messages. In just a little over 10 minutes, users proceed through a succession of three rounds, with each round introducing new tips and teaching them how to fend off dangerous email attacks.

Phyllis has been built to support easy deployment and customization. Training emails can also be customized to reflect the types of phishing attacks an organization’s employees or customers are most likely to receive.  These emails may pretend to be from the IT department asking for verification of employees’ passwords, a co-worker tempting them to download a picture of an animated singing hamster, or perhaps the IRS asking for their account information to issue a tax refund. 

With Anti-Phishing Phyllis, users learn to verify the information presented to them, rather than trust easily forged email features such as logos or URLs to decide if the message is fraudulent or not,” said Dr. Jason Hong, Wombat’s co-founder and CTO. “Our games are not just effective, but also have a minimal impact on an employee’s productivity.  Just like Anti-Phishing Phil, the Phyllis game can be played as often as you like from the convenience of a laptop or desktop computer,” said Hong.

Article Courtesy of Wombat Security Technologies