Phishing works – from ‘Why Phishing Works‘ by Dhamija, Tygar, and Hearst
- Good phishing websites fool users very easily. They use the same imagery as the legitimate website.
- Existing anti-phishing browser cues are ineffective. In one study 23% of the participants didn’t look at the address bar, status bar, or the security indicators
- Popup warnings are ineffective: users will click ‘ok’ on anything!
- Participants in this study – they were all fooled to some degree – it didn’t matter if they were IT professionals, or under graduates, old/young, well experienced Internet users or newbies.