Why Phishing Works
Filed in archive by randy on April 05, 2006
University and UC Berkeley have published a document explaining why phishing works on general users. This paper provides the first empirical evidence about which malicious strategies are successful at deceiving general users. We first analyzed a large set of captured phishing attacks and developed a set of hypotheses about why these strategies might work. We then assessed these hypotheses with a usability study in which 22 participants were shown 20 web sites and asked to determine which ones were fraudulent. We found that 23% of the participants did not look at browser-based cues such as the address bar, status bar and the security indicators, leading to incorrect choices 40% of the time.
http://people.deas.harvard.edu/~rachna/papers/why_phishing_works.pdf
Source: Schneier on Security.







