Hi! My name is Shristi Sharma and I am a 9th grader at Maharishi School in Fairfield, IA. This year I participated in the State Science and Technology Fair of Iowa (SSTFI) and the Eastern Iowa Science and Engineering fair(EISEF) with a project in the Computer Science category titled "Phishing: Don't Take the Bait, Protect Your Sensitive Information."
I earned awards at both fairs: At EISEF I won an "Inspiring Excellence" award and an Honorable Mention and at SSTFI I won first place in the computer science category and an "Intel Excellence In Computer Science Award."
The SSTFI also invited me to come to the International Science and Engineering Fair (ISEF) in Pittsburgh, PA from May 13-18 as a "Student Observer" to experience amazing top-level projects from science fair winners around the world. This would be the ideal setting for me to learn from these projects, whereby I can be inspired to come back again and compete. This is a tremendous honor and opportunity as I envision continuing in this field with a career in programming and cyber-protection. The encouragement I've received and support thus far motivated me to further my experience and studies in this field .
I am so excited to go to ISEF, however the cost of this trip for myself and a supervisor is $2,400. Your support in helping me undertake this endeavor would be greatly appreciated!
About My Project:
Phishing is a cybercrime where a target(s) is contacted by someone posing as a legitimate institution/person, to lure them into providing sensitive data (banking/credit card details, and passwords) to access important accounts which can result in identity theft and financial loss. Around 80,000 people fall for this attack everyday!
I wanted to see if employees in the workforce fell for a spear(direct) - phishing attack more than a general phishing email. This is because every three out of four companies reported falling victim to phishing in 2016 and this number has only increased now. We like to think we are vigilant with general scams asking for money or giving us some reward, but how careful are people when somebody explicitly targets them with a narrative that is based on trusted information? My hypothesis was: if the type of email is a spear-phish, is there then a higher chance that the recipient will open the email, click the link, and attempt to enter credentials?
I sent the employees of five different companies two emails: a general phishing email about an employee contract update and a spear-phishing email about receiving an additional bonus. My sample size included companies that had given training to their employees and those who hadn't even heard of phishing. On average, 38% fell for the general phish, and 69% fell for the spear phish. Companies that had previously trained their employees were 4.5 times less likely to fall for the attacks.
However, there was one company who had trained their employees, yet had the second highest click-through rate. Isn't that weird? So, after looking at it a little more, I found that even though this company had trained their employees, they had never really tested them. If I learn something at school, I am most likely to forget about it if I don't see an everyday application of it or use it in my life. This shows that people are not aware of phishing and still take the bait that could cost them, and their companies, millions of dollars. We need to train, and even more importantly, test every single person to spot the phish and keep their information safe.
Thank you in advance for your time. I would love to be a part of making our world cyber-safe, and truly appreciate your help in assisting me with this ambition!
DonationsSee top donations
- Vimarsh Raina
- Alan Marks
- Susan Marcus
Organizer and beneficiary
#1 fundraising platform
More people start fundraisers on GoFundMe than on any other platform. Learn more
In the rare case something isn’t right, we will work with you to determine if misuse occurred. Learn more
Expert advice, 24/7
Contact us with your questions and we’ll answer, day or night. Learn more