Thursday, April 27, 2006

The Secrets of Why Phishing Scams Work

From Resourceshelf, a link to a new paper from the Conference on Human Factors in Computing Systems entitled Why Phishing Works. It is written by 3 scholars from Harvard and University of California Berkeley.

Phishing describes Internet scams using emails designed to look like they come from legitimate institutions in order to con people into providing personal financial information or passwords.

From the abstract:

"To build systems shielding users from fraudulent (or phishing) websites, designers need to know which attack strategies work and why. This paper provides the first empirical evidence about which malicious strategies are successful at deceiving general users. We first analyzed a large set of captured phishing attacks and developed a set of hypotheses about why these strategies might work. We then assessed these hypotheses with a usability study in which 22 participants were shown 20 web sites and asked to determine which ones were fraudulent. We found that 23% of the participants did not look at browser-based cues such as the address bar, status bar and the security indicators, leading to incorrect choices 40% of the time. We also found that some visual deception attacks can fool even the most sophisticated users. These results illustrate that standard security indicators are not effective for a substantial fraction of users, and suggest that alternative approaches are needed."

Earlier Library Boy posts on phishing and other forms of Internet fraud:

Labels: ,

Bookmark and Share Subscribe
posted by Michel-Adrien at 8:15 pm


Post a comment

<< Home