Spin-off: Wombat Securities

Wombat Security Technologies, launched in 2008, is the commercial brainchild of CyLab researchers Norman Sadeh, Jason Hong, and Lorrie Cranor and stems from their ongoing work in the area of cyber security.  With funding provided by CyLab, the three Carnegie Mellon University faculty members developed several tools designed to counter the ever-increasing threat posed by phishing, a trust-based form of cyber attack that uses spoofed email messages and web sites to trick unsuspecting users into disclosing personal information.  Their work is part of one of the largest anti-phishing research projects in the U.S.

What sets Wombat apart from other companies that provide anti-phishing solutions is its recognition that, while email filters designed to catch phishing messages before they reach a user’s inbox are certainly necessary, they cannot be relied upon as an organization’s sole line of defense.  Users themselves can play a significant role in countering phishing attacks if given the right kind of training.

On the filtering front, Wombat offers PhishPatrol™.  PhishPatrol operates on advanced machine learning technology rather than manual updates to build proactive heuristics that work from the onset of new phishing attacks.  Many filters have a high rate of false positives, rely heavily on manually updated blacklists that are perpetually outdated, and have proven highly ineffectual in the battle against phishing.  Sadeh, Hong, and Cranor created PhishPatrol in response to the poor performance of existing spam and email filters. Testing of PhishPatrol has demonstrated its success at identifying and capturing more phishing emails than the best spam filters, and with far fewer false positives.   

Wombat’s other products focus on training users by increasing awareness about phishing and involving them directly in the ongoing fight against phishing attacks. Anti-Phishing Phil™, born in response to research indicating that users are generally not adept at recognizing the signs of common phishing attacks, is an online game that engages users in a series of challenges that test their ability to identify URLs as being either legitimate or illegitimate.  In developing the game, Sadeh, Hong, and Cranor drew upon learning science principles that suggest that training is more effective when delivered via a goal-oriented, challenging, contextual, and interactive methodology. User testing conducted on Anti-Phishing Phil has demonstrated that the game is much more effective than other training solutions at helping users both to learn about and retain knowledge about phishing attacks.

PhishGuru™, Wombat’s other user training tool, came about in response to studies showing that users pay little attention to traditional online training materials on cyber security.  The PhishGuru system is an embedded training solution that allows organizations to set up and launch simulated phishing attacks on internal users.  Like Anti-Phishing Phil, PhishGuru is based on learning science principles.  Training messages are engaging and provided immediately within the context of the phishing attack.  If a user falls prey to an attack by clicking on a URL in a scam email, PhishGuru provides pop-up training messages in the form of cartoons that grab the user’s attention, taking advantage of what Sadeh, Hong, and Cranor call the “teachable moment.”  PhishGuru’s embedded training approach has proven very effective not only at teaching users about cyber security, but also at helping users remember what they learn.