Why Phishing Works 293
h0neyp0t writes "Harvard and Berkeley have released a study that shows why phishing attacks work (pdf). When asked if a phishing site was legit or a spoof, 23% of users use only the content of the website to make the decision! The majority of users ignore the address and SSL indicators in the browser. Some users think that favicons and lock icons in HTML are more important indicators. The paper hints that the proposed IE7 security indicators and multi-colored address bar will also suffer a similar fate. This study is brought to you by the people who developed the security skins Firefox extension."
Simply because .... (Score:5, Funny)
That is all
Re:The Blind Squirrel (Score:5, Funny)
Get ready for on-line voting? (Score:2, Funny)
"Dauh, I thought I voted for the other guy when I clicked his picture in the e-mail reminding me to vote!"
Re:Short answer (Score:2, Funny)
Re:I have another theory (Score:3, Funny)
Re:And this might be optimistic (Score:5, Funny)
A common formula for the IQ of a group is to take the IQ of the highest member of the group, and divide by the number of people in the group.
The highest IQ is the US is that of Marilyn Vos Savant, estimated at 228. (That's the high estimate. Might as well give the benifit of the doubt.)
The population of the US is 295,734,134, according to the CIA world factbook.
That means the IQ of the US is 7.70962746×10^-7.
Doesn't seem likely. (Score:2, Funny)
While I don't mind taking a swipe at M$ft from time to time, I find it difficult to imagine how a brightly colored red address bar (even one outside the focus of attention) with "Phishing Website" written on it will be ignored.
The only thing (and I am keeping in mind users that are not extremely tech savvy) that would be more obvious would be a "arm-like" device attached to one's monitor that points to the "Phishing Website" text displayed on the screen and whacks you on the top of your head if you still proceed to enter all your personal information in.