Question: Phishing attacks to email accounts. Phishing is the term used to describe an attempt to extract personal/financial information (e.g., PIN numbers, credit card information, bank account numbers) from unsuspecting people through fraudulent email. An article in Chance (Summer 2007) demonstrates how statistics can help identify phishing attempts and make e-commerce safer. Data from an actual phishing attack against an organization were used to determine whether the attack may have been an ‘‘inside job'' that originated within the company. The company setup a publicized email account-called a ‘‘fraud box''-that enabled employees to notify them if they suspected an email phishing attack.
The interarrival times, that is, the time differences (in seconds), for 267 fraud box email notifications were recorded. Chance showed that if there is minimal or no collaboration or collusion from within the company, the interarrival times would have a frequency distribution similar to the one shown in the accompanying figure (p. 18). The 267 interarrival times are saved in the PHISHING file. Construct a frequency histogram for the interarrival times. Is the data skewed to the right? Give your opinion on whether the phishing attack against the organization was an ‘‘inside job.''