Born from Research
Wombat Security Technologies is a company born from research. In 2008 our cofounders Norman Sadeh, Lorrie Cranor, and Jason Hong pioneered the concept of teaching users how to avoid unsafe links with their research papers and subsequent educational game Anti-Phishing Phil™. To view our white papers or case studies, visit our White Papers page. The concept of interactive training that improves learning and retention is still active today.
Read below some of the related research from our founders that were the genesis for Wombat Security and today’s security awareness and training offering.
2017 State of the Phish
A Wombat Security Research Report, January 2017.
2016 Beyond the Phish
A Wombat Security Research Report, September 2016.
2016 State of the Phish
A Wombat Security Research Report, January 2016.
The Cost of Phishing & Value of Employee Training
A Ponemon Institute and Wombat Security Research Report, August 2015.
The Last Mile in IT Security: Changing User Behaviors
An Aberdeen and Wombat Security Research Report, January 2015.
Security Awareness Training: It’s Not Just for Compliance
David Monahan. An ENTERPRISE MANAGEMENT ASSOCIATES® (EMA™) Research Report, April 2014.
DEF CON 21 Social Engineering Capture the Flag Contest Results
Social-Engineer.org, November 2013.
Qrishing: The Susceptibility of Smartphone Users to QR Code Phishing Attacks
Timothy Vida, Emmanuel Owusu, Shuai Wang, Cheng Zeng, Lorrie Cranor. CMU CyLab, November 2012.
The State of Phishing Attacks: Looking Past the Systems People Use, They Target the People Using the Systems
J. Hong. Communications of the ACM, Vol. 55 No. 1, January 2012, Pages 74-81.
Measuring Password Strength by Simulating Password-Cracking Algorithms
Patrick Gage Kelley, Saranga Komanduri, Michelle L. Mazurek, Rich Shay, Tim Vidas, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor, Julio Lopez. Guess again (and again and again): CyLab Technical Report cmu-cylab-11-008, August 21, 2011.
Of Passwords and People: Measuring the Effect of Password-Composition Policies
Saranga Komanduri, Richard Shay, Patrick Gage Kelley, Michelle L. Mazurek, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor, and Serge Egelman. In CHI 2011: Conference on Human Factors in Computing Systems, May 2011.
School of Phish: A Real-World Evaluation of Anti-Phishing Training
P. Kumaraguru, J. Cranshaw, A. Acquisti, L. Cranor, J. Hong, M.A. Blair, and T. Pham. SOUPS 2009. [Originally published as CyLab Technical Report CMU-CyLab-09-002, 2009].
Teaching Johnny Not to Fall for Phish
P. Kumaraguru, S. Sheng, A. Acquisti, L. Cranor, and J. Hong. ACM Transactions on Internet Technology, Vol. V, No. N, September 2009, Pages 1–31.
Anti-Phishing Landing Page: Turning a 404 Into a Teachable Moment for End Users
P. Kumaraguru, L. Cranor, and L. Mather. CEAS 2009.
Lessons From a Real-World Evaluation of Anti-Phishing Training
P. Kumaraguru, S. Sheng, A. Acquisti, L. Cranor, and J. Hong. In Proceedings of the third eCrime Researchers Summit (eCrime 2008), October 15-16, 2008, Atlanta, GA.
Getting Users to Pay Attention to Anti-Phishing Education: Evaluation of Retention and Transfer
P. Kumaraguru, Y. Rhee, S. Sheng, S. Hasan, A. Acquisti, L. Cranor and J. Hong. In Proceedings of the 2nd Annual eCrime Researchers Summit, October 4-5, 2007, Pittsburgh, PA, p. 70-81.
Anti-Phishing Phil: The Design and Evaluation of a Game That Teaches People Not to Fall for Phish
S. Sheng, B. Magnien, P. Kumaraguru, A. Acquisti, L. Cranor, J. Hong, and E. Nunge. In Proceedings of the 2007 Symposium On Usable Privacy and Security, Pittsburgh, PA, July 18-20, 2007.
CANTINA: A Content-Based Approach to Detecting Phishing Web Sites
Y. Zhang, J. Hong, and L. Cranor. In Proceedings of the 16th International conference on World Wide Web, Banff, Alberta, Canada, May 8-12, 2007.
Learning to Detect Phishing Emails
I. Fette, N. Sadeh, and A. Tomasic. In Proceedings of the 16th International Conference on World Wide Web, Banff, Alberta, Canada, May 8-12, 2007.
Protecting People From Phishing: The Design and Evaluation of an Embedded Training Email System
P. Kumaraguru, Y. Rhee, A. Acquisti, L. Cranor, J. Hong, and E. Nunge. In CHI 2007: Conference on Human Factors in Computing Systems, San Jose, California, 28 April – May 3, 2007, p. 905-914. [Originally published as CyLab Technical Report CMU-CyLab-06-017, 2006].