Why Phishing Works

SecurityFocus: Researchers at Harvard University and UC Berkeley have published a document explaining why phishing works on general users.

This paper provides the first empirical evidence about which malicious strategies are successful at deceiving general users. We first analyzed a large set of captured phishing attacks and developed a set of hypotheses about why these strategies might work. We then assessed these hypotheses with a usability study in which 22 participants were shown 20 web sites and asked to determine which ones were fraudulent. We found that 23% of the participants did not look at browser-based cues such as the address bar, status bar and the security indicators, leading to incorrect choices 40% of the time.

http://people.deas.harvard.edu/~rachna/papers/why_phishing_works.pdf

Source: Schneier on Security.