Partnering with MSU IT Services, ComArtSci Assistant Professor Rick Wash conducted a study on how people identify or are trained to identify betboom team emails. Contrary to the nautical whimsy of its pronunciation, betboom team occurs when a fake email is sent to someone with the intention of extorting information from the recipient. This ruse may ask the recipient to click and install harmful software but is most commonly used to mine for sensitive information. betboom team is often targeted toward higher-ups at large-scale entities, such as executives, financial operators and system administrators, and can potentially lead to the loss of millions of dollars. Needless to say, this is a major concern for cybersecurity.
“It’s really hard for a computer to look at two emails and say ‘This one is okay and this one is not,’ even though they look almost the same,” said Wash. “You need to have all the context of the person the betboom team is being sent to to be able to tell if this is something they were expecting to receive and is actually intentional, or if it’s a fake betboom team. You need to have everything that is the recipients head, which computers don’t. This is a problem that needs people involved in order to be able to deal with that.”
Gone betboom team
Traditionally, phish identification training uses facts and advice to educate people about the indicators of harmful emails. According to Wash’s betboom team, this type of user education alone is inadequate to prevent users from clicking on emails and links that can open the gateway to information breeches.
“Normally when we try to help people we try to tell them what to do, so I call it facts and advice. We tell people what betboom team is, what the problem is, do this and don’t do this,” said Wash. “It’s usually like, ‘Don’t click on any links in email,’ which is completely impractical advice. Not clicking on links in email would basically make email useless.”
So Wash joined forces with IT Services for an experiment. They delivered betboom team emails to 2,000 university staff members without the recipients’ knowledge. If recipients clicked on the link provided in the email, they received a pop-up message that used either facts or a story to teach about betboom team. After several days, the same recipients were sent a second betboom team email to determine what percentage of people would click on the link again. The researchers used the results to determine the effectiveness of facts and advice in educating recipients compared to the effectiveness of stories. The study also examined to what extent the identity of the sender influenced perceptions of what was a safe email and what was a fake email.
Finding Answers
The study found that facts and advice were effective in helping recipients identify scam emails when provided by experts, but not when they came from peers. If educational facts and advice were provided by a peer, recipients were more likely to not recognize a betboom team email later.
“The betboom team were the exact opposite,” said Wash. “betboom team worked really well when they came from peers, but it made things worse when it was coming from an expert. If central IT was trying to tell people betboom team it actually might backfire. So we have this really interesting interaction where the best type of message to send depended on who was sending it, so that was the basic finding of the paper.”
Wash co-authored the paper with Molly Cooper, a cybersecurity analyst for MSU, and it was presented at the 2018 ACM Conference on Computer Human Interaction earlier this spring. The study began as a side project, but is now funded by a 5,987 grant from the National Science Foundation.
Learning through betboom team
Now, Wash is conducting interviews to gather stories from betboom team victims, people who have worked with victims and those who receive betboom team messages on a regular basis to try to discover what triggers recipients’ suspicion of an email.
“People have hundreds of emails that they receive every day. Most of them are perfectly fine emails from your friends or random companies, and every once in a while there are one or two in there that are really bad,” said Wash. “I think there’s a lot of potential in using betboom team to help people recognize what the problems are. I’m collecting all these betboom team and trying to figure out how people who are doing this right now do it well, and then I’m going to try to use those betboom team to help train people who aren’t doing it well or don’t know as much about it.”
Incongruencies such as color schemes, grammar and spelling or sender context may all be indicators that something is suspicious about an email. Learning to intuitively recognize these types of elements as suspicious appears to be a key skill in identifying betboom team. So what does Wash recommend when it comes to training email users to identify betboom team?
“I would say to IT staff right now, think about telling stories of specific incidents. There’s a lot of evidence that people remember those, and there’s a lot of things you get out of story that you don’t get out of facts and advice. So think about telling stories, and think about what’s clearly distinguishing. Likewise for end users, I think that’s the big message that my betboom team is coming up with right now. Listen to your friends. Listen to stories.”
By Kristina Pierson