Phishing attacks to e-mail accounts. Phishing is the term used to describe an attempt to e...

Phishing attacks to e-mail accounts. Phishing is the term used to describe an attempt to extract personal/financial information (e.g., PIN numbers, credit card information, bank account numbers) from unsuspecting people through fraudulent e-mail. An article in Chance (Summer 2007) demonstrates how statistics can help identify phishing attempts and make e-commerce safer. Data from an actual phishing attack against an organization were used to determine whether the attack may have been an “inside job” that originated within the company. The company set up a publicized e-mail account—called a “fraud box”—which enabled employees to notify it if they suspected an e-mail phishing attack. The interarrival times, i.e., the time differences (in seconds), for 267 fraud box e-mail notifications were recorded. Researchers showed that if there is minimal or no collaboration or collusion from within the company, the interarrival times would have a frequency distribution similar to the one shown in the accompanying figure. The 267 interarrival times are saved in the PHISHING file. Construct a frequency histogram for the interarrival times. Give your opinion on whether the phishing attack against the organization was an “inside job.”