Are Educational Videos Effective for Understanding Phishing Attacks?

3824 words (15 pages) Essay

23rd Sep 2019 Computer Science Reference this

Tags:

Disclaimer: This work has been submitted by a university student. This is not an example of the work produced by our Essay Writing Service. You can view samples of our professional work here.

Any opinions, findings, conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of UKEssays.com.

Table of Contents

Faculty of Business and Information Technology

Hot Topic DA/SW/NT Proposal Cover Sheet

Declaration of Original Authorship

1.1 Introduction

1.2 Current situation and purpose

1.3 Scope

1.4 Aim:

2.1 Measurable Organization Value Statement

3.1 Literature review

Landing page 1

Washington Post – Education department warns that students financial aid are being targeted in phishing attacks

YouTube Video 1 Newsy

Video 2 Tripwire, Inc.

YouTube- video 3 403WebSecurity

YouTube video 4 State of Missouri

ResearchGate Landing page 2

YouTube – Video 5 RehmannNews

Comparison Table

4.1 Functionalities to be implemented and added values

4.2 Research approach/ methodology

Planning

Analysis

System Design

Implementation

Testing

Acceptance and Deployment

Maintenance

4.3 software to be used

Gantt Chart

Minutes Meeting

References

1.1 Introduction

Social engineering is a form of technique that relies massively on human interaction, it’s used by criminals to trick, influence or manipulate victims into sending them their confidentialsensitive information, infecting computers with malware usually by making victims open infected site links. Many attackers try to exploit people’s lack of knowledge, curiosity and kindness to gain unauthorized access to a system, network and steal confidential data. There are many different types of social engineering attacks but the most common is Phishing. Phishing Attacks/scams are emails, text messages or telephone calls used by cyber criminals to in still fear or create a sense of urgency by asking victims to act fast or you only have a limited time to respond to a fantastic deal which then makes individuals provide their sensitive data, opening malicious attachmentslinks. Many of the articles about phishing attack prevention are created for companies not the average tertiary level students, so what we proposed is creating a landing page that will have an educational video about how to prevent and identify phishing attacks and create a formative quiz which will be sent to every new student. We have also compared different educational videos and articles about phishing prevention to help us understand what others have missing, lacking or done, which will help us create the best content in which students can benefit from (n.d).

1.2 Current situation and purpose

Phishing attacks are on the rise and the occurrence of those attacks is also increasing with the extremely sophisticated new tools echniques. According to one article released from nzherald, previous Prime Minister John Key has stated in a cybersecurity conference that 856,000 kiwis were attacked/affected by cybercrime every year which has cost an estimated $257 million dollars. There are many articles about the importance of recognizing and preventing phishing attacks but are mostly targeted for companies and organizations not for the tertiary students who are also extremely vulnerable to phishing attacks. With phishing attacks being the most common form of cybercrime it’s important to educate students the basic cybersecurity habits, protecting themselves from becoming a phishing attack victim (2016).

The newly created landing page/website will provide newly enrolled students with the knowledge of how to recognize and prevent phishing attacks and a formative quiz that will require the students to must at least get 80% of the questions correct to pass the quiz.  We believe by making the landing page and the formative quiz as part of the new student’s orientation process will lower down the chances of students becoming victims of phishing attacks.


1.3 Scope


The scope for this project is to make sure students of Tertiary education such as MIT gain a better understanding of phishing through an educational video containing information on how to identify and avoid phishing attacks. We also intend to create a formative quiz to help students test their understanding of the video.

1.4 Aim:
The aim of this project is to minimize phishing attacks by raising awareness among tertiary level students by creating an educational video and a formative quiz to test the knowledge they have just learned. The educational video will be sent to every new student who will have to complete the formative quiz with a 7/10 to pass the quiz.

1.5 Objectives:
These are the steps we will take to achieve the scope
1. We will begin by analysing different educational videos about social engineering and Phishing to gain an insight on how they have structured their videos, time, content and so on.
2.  We will then compare and decide on which bits/ideas will suit our criteria.
3. We will document our findings.
4. Create a landing page which will have the educational video about phishing scam prevention and               the formative quiz.
  

1.6 Research question


Can tertiary level Students benefit and gain better understanding of phishing attacks through an educational video and a formative quiz?

2.1 Measurable Organization Value Statement

The landing page we will be creating will be a public page so this project will be targeted towards the social area of secondary/tertiary education. We want to see how the targeted group will be impacted from our functionalities and features of the landing page. Cyber security is a concern for everyone not just students. Students can easily become a victim of any form of social engineering attack such as phishing because a lot of information is stored on social media profiles etc. When the project is completed we want students to gain the information provided along with the quiz and protect themselves from future social engineering attacks. The project can also be operational due to the creation of the landing page, we want our landing page to be different from others and also be more useful with easy navigation so that it is simple for all users (2012 ).

3.1 Literature review

Landing page 1

Here is the most common landing page we have found relating to phishing. This page is very simple and straight foward. The page does not have any sort of material explaining what phishing is. Once clicked on the link you will be redirected to this landing page which just goes straight to the point on how to protect yourself from phishing attacks. Other information included is “how you were tricked” and “how you can help” but with very little details. There is only one main link on the page which is the resources page for the original website that created the landing page. There is a disclaimer at the bottom of the page explaining that the content is licensed by the developers. Overall the layout of the page is basic with good colour and texture (n.d).

Washington Post – Education department warns that students financial aid are being targeted in phishing attacks

This article from September 15 2018 is about students from universities across the US being targeted in phishing attacks. several colleges and universities were reporting to The U.S Education Department that their students were becoming victims of a recent phishing attack. Emails were being sent to students to gain personal information and were successful as some students fell in for the trick. It is said that the attackers knew how the school communication worked so this could mean the attackers could be members from the school. The students that had given their information from the attack then the students would lose their student aid because the attacker would change the students direct deposit destination to their own bank account. The agency strongly recommends that the colleges and universities use a multi factor authentication for the login of student portal to reduce the number of scams (2018).

 YouTube Video 1 Newsy

This is the first video that had been listed along with numerous others when I searched “how to prevent phishing”. The video itself is very well straight forward. It begins with discussing the issue within the first 15 seconds of the video. Then they go on to tell us that phishing basically relies on human error, they don’t explain what phishing is. The second half of the video tells us what phishing attempts look like with an example they have made about a Google phishing attack and they explain that example very well. Along with the examples the video tells us what to do and what not to do when encountering an attack. The video is just over 1 minute in length which explains why there is very little information about phishing.

Video 2 Tripwire, Inc.

This second video i have found was again a YouTube video titled “tips to protect yourself against phishing scams”. This video is simply about email scams which is the most common type of phishing attack. The video begins with a short description on what a scam looks like. The second point they make in the video is to not directly clicking on a link when receiving a scam email. The 3rd and 4th point is trusting your network and deleting the email. The animated video is only 59 seconds long which was very brief and also has very little information on the issue (n.d).

 YouTube- video 3 403WebSecurity

The title of this video is called Phishing Scams: Avoid Being a Victim. The video layout, design and colour choice are simple which keeps the viewer’s focus on the content rather than the visuals.  It starts with a common question which is “why do spammers send junk mail”, a web security managing partner discusses about how spam emails can cause people to fall victim to phishing attacks and then with another common question which is “how can I protect myself from a phishing scam” in which the managing partner talks about how to prevent yourself from becoming an phishing attack victim. The video provides a basic knowledge of phishing with no written information other than the questions and basic definition of what a phishing attack is, it lacks any informative information (n.d).

YouTube video 4 State of Missouri

State of Missouri video “cybersecurity – How to spot a phishing attack” begins with the definition of what is a phishing scam then goes on to four ways on how to spot a phishing scam and ends with a “solution” which is by going on their site that has a phish check tool. The video has good visuals and bold writing with just enough information and goes through the importance of how to identify a phishing scam. The video also has a narrator with a clear voice who talks in perfect pace so that people can understand/catch the information. The format is inconsistent but for a 1 minute and 25 second video, I personally think it has captured the importance of how to create an educational phishing prevention video (n.d).

  ResearchGate Landing page 2

The webpage ResearchGate have created an anti-phishing landing page that has a quite informative information which starts off with the word “warning” written in bold bright orange that captures the attention of the reader and explains what phishing attacks and how a cybercriminal will try to steal the personal information with forged email. It’s also talks about how to protect yourself from becoming a victim of phishing attacks with 6 steps.

This landing page has great information about the process of how a con artistcybercriminal tries to trick victims to provide their personal details, it also has an example of a typical phishing email. It then goes on to talk about how to protect yourself from phishing attacks with 6 steps that is very straight forward and simple explanation that won’t overwhelm the reader. Overall the landing page has great layout and information, but a video would’ve been better as most people would prefer to listen than to read (n.d).

  YouTube – Video 5 RehmannNews

RehmannNews video “cyber security: protect your organization against Phishing” has an outstanding video visuals/animation which helps keep the reader interested and a narrator with a clear voice who talks about the importance of internet to conduct business and how it can affect an organization.

A great part about this video is that they have used an example of how a school fell victim to a phishing attack and the process of how it happened and what was the consequence of it, this allows the viewer to grasp the importance of phishing prevention attack. It also talks about what steps to take to prevent it from happening.

As I stated earlier the visuals/animation was great but the video lacked any informative information or even the basic information like what is phishing. Like all the previous videos I have seen it only target organizations not university students who tend to use the internet for educational purposes and other reasons like online shopping which is has become the new trend of shopping (n.d).


 

Comparison Table

4.1 Functionalities to be implemented and added values

As we could only one landing page regarding phishing attacks, we decided to see what the compared page lacks and what we can do to ours that will be different. We will try to have the page as simple as possible with more content. There will be information on phishing attacks such as statistics and what it is. After reading the information the use will scroll down to a video that will be required to watch. After analysing the videos on our literature review, we realized that most videos were only about 1 minute long. We want our stakeholders to have a clear understanding on the issue before knowing what to do about it. So in order for students to gain clear knowledge, we will explain what phishing is for the first 1 minute or so in the video. The landing page developed by APWG was very brief and we wanted something on our own that would look more attractive. We will include a quiz on our landing page which would be required to complete after viewing the video. The quiz will contain 30 questions on practicing how to prevent phishing. Students must get at least 80% questions correct if not then they will have to retake the quiz with the questions shuffled. The quiz is the added value of our project as students will gain tips on phishing protection.

4.2 Research approach/ methodology

If we want a successful project with good stakeholder satisfaction, we need to follow a methodology that will lead us to this success. Because this is more of a web development project, we will follow

the Software Development Life Cycle (SDLC) model (n.d). The model consists of 7 steps:

Planning

This project requires in depth planning to see what goals we want to achieve. We need to research on the topic to gain understanding so we can fulfil our stakeholder’s demands. Although there may not be any costs for this project but it might be good to take into consideration.

Analysis

We will have to analyse the system requirements. Team discussion will be need to see how goals can be achieved and how they can be included so that it relates to our functionalities and features.

System Design

The design phase is key so that we can get an idea on what we want. Screenshots of the project concept, diagram or any type of documentation that can be shown to stakeholders before implementation.

Implementation

The implementation will begin on Wix as it was the platform we chose to develop our landing page. This will probably take us about 1-2 weeks.

Testing

Testing is important so that we can see if there is any bugs or errors that we can remove and also what can be done to improve the page. We will have students or experienced testers if we can find any to test the functionalities of our landing page.

Acceptance and Deployment

Now to complete the project we can add our landing page to a domain for our stakeholders/world to access using a unique address. We will not need a domain because Wix offers free hosting for any website made on their platform.

Maintenance

The web page must be checked for consistency. Bug and errors can occur at any time so it is important to have the page go under maintenance often, this includes testing and upgrading for improvement.

4.3 software to be used

https://www.wix.com/

For us to create the landing page we will need a good web development platform. So we have decided to use wix.com which is an open source cloud based tool for web development. Wix uses HTML5 for website creation and gives us many choices for editing. We also came across few other developers such as Mobirise when doing our research but we believe that Wix was the best option for us due to its popularity and reviews. Wix also allows users to create and implement quizzes and games onto the web pages so this come in handy for us as we will not have to look for something unless we run into to unexpected issues we will have to find alternatives such as visual studio.

Below is a screenshot of the landing page that is currently under construction.

Gantt chart

Minutes Meeting

References

  • 2016. [Online] 26 October 2016. https://www.nzherald.co.nz/nz/news/article.cfm?c_id=1&objectid=11736097.
  • n.d. [Online] n.d n.d n.d. https://www.youtube.com/watch?v=VFa8gvvbELAYoutube.
  • n.d. [Online] n.d n.d n.d. https://www.youtube.com/watch?v=CJzWklcMd2I.
  • n.d. [Online] n.d n.d n.d. https://www.youtube.com/watch?v=ai8EoOYR_ME.
  • n.d. [Online] n.d n.d n.d. https://www.youtube.com/watch?v=NPdvWm4_hFc.
  • n.d. APWG. [Online] n.d n.d n.d. http://phish-education.apwg.org/r/en/index.htm.
  • 2012 . Classless notes. [Online] 20 January 2012 . http://classlessnotes.blogspot.com/2012/01/it-project-management-measurable.html.
  • n.d. Research Gate. [Online] n.d n.d n.d. https://www.researchgate.net/figure/Revised-condensed-version-of-the-landing-page-We-made-the-instructions-look-exactly-the_fig2_228846483.
  • n.d. Technology. Technology.pit. [Online] n.d n.d n.d. https://www.technology.pitt.edu/security/phishing-awareness-don%E2%80%99t-take-bait-learn-spot-scam.
  • 2018. Washington Post. [Online] 15 September 2018. https://www.washingtonpost.com/education/2018/09/15/education-department-warns-that-students-financial-aid-are-being-targeted-phishing-attacks/?noredirect=on&utm_term=.e4264707e9ba.
  • n.d. website development. [Online] 5 October n.d. http://web-site-development-solutions.blogspot.com/2010/10/7-phases-of-web-development-life-cycle.html.

Cite This Work

To export a reference to this article please select a referencing stye below:

Reference Copied to Clipboard.
Reference Copied to Clipboard.
Reference Copied to Clipboard.
Reference Copied to Clipboard.
Reference Copied to Clipboard.
Reference Copied to Clipboard.
Reference Copied to Clipboard.

Related Services

View all

DMCA / Removal Request

If you are the original writer of this essay and no longer wish to have your work published on the UKDiss.com website then please:

Related Lectures

Study for free with our range of university lectures!