Phishing works – from ‘Why Phishing Works’ by Dhamija, Tygar, and Hearst

  1. Good phishing websites fool users very easily. They use the same imagery as the legitimate website.
  2. Existing anti-phishing browser cues are ineffective. In one study, 23% of the participants didn’t look at the address bar, status bar, or the security indicators.
  3. Popup warnings are ineffective: users will click ‘ok’ on anything!
  4. All participants in this study were fooled to some degree. It didn’t matter whether they were IT professionals or undergraduates, old or young, experienced Internet users or newbies.