Phishing is the term used to describe an attempt to extract personal/financial information (e.g., PIN numbers, credit card information, bank account numbers) from unsuspecting people through fraudulent e-mail. An article in Chance (Summer 2007) demonstrates how statistics can help identify phishing attempts and make e-commerce safer. Data from an actual phishing attack against an organization were used to determine whether the attack may have been an "inside job" that originated within the company. The company set up a publicized e-mail account-called a "fraud box"-that enabled employees to notify them if they suspected an e-mail phishing attack. The inter arrival times, i.e., the time differences (in seconds), for 267 fraud box e-mail notifications were recorded and saved in the file. Chance showed that if there is minimal or no collaboration or collusion from within the company, the inter arrival times would have a frequency distribution similar to the one shown in the accompanying figure. Construct a frequency histogram for the inter arrival times. Give your opinion on whether the phishing attack against the organization was an "inside job."

Transcribed Image Text:

0.012 0.010 0.008 0.006 0.004 0,002 0 100 200 300 400 500 600 Time Differences