KIT research group SECUSO: Fraudulent e-mails are shot down

Photo: Research group leader Prof. Dr. Melanie Volkamer

Submachine guns as an important tool against cyber criminals. This is not only available in Hollywood, but recently also in Karlsruhe. In the game “Phishing Master”, fraudulent emails can be effectively eliminated with a virtual gun.

The whimsical mail hunt was devised and designed by the two students Philipp Matheis and Tobias Längle in the style of a first-person shooter. And the office shooting game is not just about passing the time and chasing the next high score. The game is an integral part of a publicity campaign by the SECUSO research group at the Institute for Applied Informatics and Formal Description Methods (AIFB) at the Karlsruhe Institute of Technology (KIT). The aim is to sensitize citizens to the daily threat of cybercrime.

Phishing is a widespread scam

“Young people like to gamble. That’s why we want to pick them up where they feel most comfortable,” says SECUSO Director Prof. Dr. Melanie Volkamer. Older people are more likely to be made aware of the dangers of cybercrime by reading flyers . And for puzzle fans, the SECUSO website also features the “No Phish Quiz” with questions on the subject of phishing.

Phishing is an attempt by criminals to gain access to other people’s computers with emails or messages that inspire confidence. Users are often misled with false websites or emails. At first glance, the messages look like originals from banks or mail order companies. However, if one of the messages is clicked on, malware is installed on the computer. This software can then be used to search the computer for secret data such as bank details or passwords.

Great danger for companies

“Phishing is now causing a lot of damage, especially to companies. But private individuals are not safe from such scams either,” emphasizes Volkamer. Typical features of phishing emails include spelling mistakes, links to click on or files to download, cryptic email addresses and requests to enter personal data. Around 10,000 phishing cases were reported to the Federal Criminal Police Office in 2019. However, the number of unreported cases is likely to be much higher. This is also because banks have so far usually refunded the money scammed from private individuals through phishing without much fuss. “So far, this sum has apparently been less than the damage to our image if online banking is classified as unsafe,” says Volkamer.

Too careless handling of personal data

With this campaign, the research group wants to raise users’ awareness of the dangers of internet fraud . “Phishing is one of the biggest gateways for criminals, especially for companies. That’s where end users come in,” emphasizes Volkamer. But even in the private sphere, careless handling of data can turn out to be a boomerang for security. “People are increasingly on the internet. They are sometimes quite lax with their data,” emphasizes Volkamer. Younger people are even more at risk than older people. “Young people often lack a certain basic skepticism towards the Internet,” says Volkamer. And some people have to pay the price for their blind trust in social media such as Facebook or WhatsApp. Volkamer also sees a need to catch up in the fight against cybercrime at technology . Outdated computers and poor virus protection make life just as easy for criminals as easy-to-crack passwords.