Slashdot Mirror

← Back to Stories (view on slashdot.org)

Why Phishing Works

Posted by ryuzaki0 on from the lower-your-expectations dept.

h0neyp0t writes "Harvard and Berkeley have released a study that shows why phishing attacks work (pdf). When asked if a phishing site was legit or a spoof, 23% of users use only the content of the website to make the decision! The majority of users ignore the address and SSL indicators in the browser. Some users think that favicons and lock icons in HTML are more important indicators. The paper hints that the proposed IE7 security indicators and multi-colored address bar will also suffer a similar fate. This study is brought to you by the people who developed the security skins Firefox extension."

1 of 293 comments (clear)

  1. While ISPs learn to block... by fak3r · · Score: 5, Informative

    I always encourage others to 'go on the offensive' and help polute phisher's databases with the awesome site: PhishFighting.com. Set a few tabs open to fill the phisher's database with useless Data, check back later and see the site is offline (likely from the attention garnered from all the bandwidth useage!

    As bosses would say "It's a win-win!"

    --
    fak3r.com