04-01-2006, 06:12 PM
A research paper by 3 Harvard/UC Berkeley professors: Why Phishing Works
The opening section on user interfaces was interesting.
the entire reasearch paper: http://people.deas.harvard.edu/~rachna/p..._works.pdf
According to the study, 5% of people who receive phishing emails fall for them. I'm being lazy now and not searching TulipTools to verify my next statement, but I think that 5% figure isn't much different than the percentage of email recipients who respond to legitimate marketing emails. The study also found that anti-phishing indicators in browser toolbars (like the eBay toolbar) are ineffective because 23% of people don't bother to look at the browser status indicators.
The opening section on user interfaces was interesting.
Quote:What makes a web site credible? This question has been
addressed extensively by researchers in computer-human
interaction. This paper examines a twist on this question:
what makes a bogus website credible? In the last two
years, Internet users have seen the rapid expansion of a
scourge on the Internet: phishing, the practice of directing
users to fraudulent web sites. This question raises
fascinating questions for user interface designers, because
both phishers and anti-phishers do battle in user interface
space. Successful phishers must not only present a highcredibility
web presence to their victims; they must create
a presence that is so impressive that it causes the victim to
fail to recognize security measures installed in web
browsers.
the entire reasearch paper: http://people.deas.harvard.edu/~rachna/p..._works.pdf
According to the study, 5% of people who receive phishing emails fall for them. I'm being lazy now and not searching TulipTools to verify my next statement, but I think that 5% figure isn't much different than the percentage of email recipients who respond to legitimate marketing emails. The study also found that anti-phishing indicators in browser toolbars (like the eBay toolbar) are ineffective because 23% of people don't bother to look at the browser status indicators.