Slashdot Mirror


Why Phishing Works

h0neyp0t writes "Harvard and Berkeley have released a study that shows why phishing attacks work (pdf). When asked if a phishing site was legit or a spoof, 23% of users use only the content of the website to make the decision! The majority of users ignore the address and SSL indicators in the browser. Some users think that favicons and lock icons in HTML are more important indicators. The paper hints that the proposed IE7 security indicators and multi-colored address bar will also suffer a similar fate. This study is brought to you by the people who developed the security skins Firefox extension."

7 of 293 comments

  1. Simply because .... by cfortin · Score: 5, Funny

    People are stupid. Total knuckle biters. Every one of them.

    That is all ...

  2. Re:The Blind Squirrel by $RANDOMLUSER · Score: 5, Funny

    I've been proposing for a long time that the "Yes/No/Cancel" type dialog boxes should simply be replaced with a single "Whatever" button, as users NEVER read what the dialog box says.

    --
    No folly is more costly than the folly of intolerant idealism. - Winston Churchill
  3. Get ready for on-line voting? by coastin · Score: 2, Funny

    With news of the obvious (to us geeks) like this, it won't take long for the US Congress to enact on-line voting.

    "Dauh, I thought I voted for the other guy when I clicked his picture in the e-mail reminding me to vote!"

    --
    I lost my sig...
  4. Re:Short answer by slashid · Score: 2, Funny

    We all know that if you teach a man to phish he will eat for a lifetime....

  5. Re:I have another theory by eargang · Score: 3, Funny

    Considering 4 to 5 children are born every second, are you saying that only 0.37% of the population consists of suckers? ...have you looked around lately?

  6. Re:And this might be optimistic by Daniel_Staal · Score: 4, Funny

    I recently did this calculation, and it sounds relevant here...

    A common formula for the IQ of a group is to take the IQ of the highest member of the group, and divide by the number of people in the group.

    The highest IQ in the US is that of Marilyn Vos Savant, estimated at 228. (That's the high estimate. Might as well give the benefit of the doubt.)

    The population of the US is 295,734,134, according to the CIA world factbook.

    That means the IQ of the US is 7.70962746×10^-7.

    --
    'Sensible' is a curse word.
  7. Doesn't seem likely. by zubinjdalal · Score: 2, Funny

    From the synopsis (and echoed in the paper): "The paper hints that the proposed IE7 security indicators and multi-colored address bar will also suffer a similar fate."

    While I don't mind taking a swipe at M$ft from time to time, I find it difficult to imagine how a brightly colored red address bar (even one outside the focus of attention) with "Phishing Website" written on it will be ignored.

    The only thing (and I am keeping in mind users that are not extremely tech savvy) that would be more obvious would be an "arm-like" device attached to one's monitor that points to the "Phishing Website" text displayed on the screen and whacks you on the top of your head if you still proceed to enter all your personal information in.