Phisherman is an online software tool that was created to help experimenters study phishing. It can potentially be re-purposed to run other human studies. Phisherman enables studies to be run online, so that users can participate from their own computers. This means that experimenters can get data from subjects in their natural settings. Alternatively, an experimenter can also run the app online in a lab-based setting, if that is desired. The software enables the online deployment of a study that is comprised of three main parts: (1) a consent page, (2) a survey, and (3) an identification task, with instruction/transition screens between each part, allowing the experimenter to provide the user with instructions and messages. Upon logging in, the subject is taken to the permission page, where they agree to or do not agree to take part in the study. If the subject agrees to participate, then the software randomly chooses between doing the survey first (and identification task second) or the identification task first (and survey second). This is to balance possible order effects in the data. Procedurally, in the identification task, the software shows the stimuli to the subject, and asks if she thinks it is a phishmore » (yes/no) and how confident she is about her answer. The subject is given 5 levels of certainty to select from, labeled low (1), to medium (3), to high (5), with the option of picking a level between low and medium (2), and between medium and high (4). After selecting his/her confidence level, then the Next button activates, allowing a user to move to the next email. The software saves a given subjects progress in the identification task, so that she may log in and out of the site. The consent page is a space for the experimenter to provide the subject with human studies board /internal review board information, and to formally consent to participate in the study. The survey is a space for the experimenter to provide questions and spaces for the users to input answers (allowing both multiple-choice and free-answer options). Phisherman includes administrative pages for managing the stimuli and users. This includes a tool for the experimenter to create, preview, edit, delete (if desired), and manage stimuli (emails). The stimuli may include pictures (uploaded to an appropriate folder) and links, for realism. The software includes a safety feature that prevents the user from going to any link location or opening a file/image. Instead of re-directing the subjects browser, the software provides a pop-up box with the URL location of where the user would have gone. Another administrative page may be used to create fake subject accounts for testing the software prior to deployment, as well as to delete subject accounts when necessary. Data from the experiment can be downloaded from another administrative page.« less
PHISHERMAN V1; 003777MLTPL00
DOE Contract Number:
Software Package Number:
Software Package Contents:
Open Source Software package available from Sandia National Laboratories at the following URL: http://phisherman.sandia.gov
Source Code Available:
Sandia National Laboratory
United States Department of Energy
Margot Kimura, Ann Speed, Derek Trumbo, JT McClain
To initiate an order for this software, request consultation services, or receive further information, fill out the request form below. You may also reach us by email at: .
ESTSC staff will begin to process an order for scientific and technical software once the payment and signed site license agreement are received. If the forms are not in order, ESTSC will contact you. No further action will be taken until all required information and/or payment is received. Orders are processed within three to five business days.
Software Package Details
Title: Phisherman v 1.0
Some links on this page may take you to non-federal websites. Their policies may differ from this site.