Short version of why phishing works: users don't look at the URL, because they don't understand URL or domain syntax, and they do believe graphics: if a web page shows a security symbol on it, they think it's secure. Long version: an academic paper, referenced by a news story:
For their paper, titled "Why Phishing Works," (PDF here) Rachna Dhamija of Harvard University and Marti Hearst and J.D. Tygar of the University of California at Berkeley conducted tests on a small sample of users. They found that 90 percent of subjects were unable to pick out a highly effective phishing e-mail when simply judging whether or not it was genuine.
"The secret of phishers' success," by Will Sturgeon, Special to CNET News.com, published April 3, 2006, 10:20 AM PDT
In other words, people believe what they see. Seeing may be believing, but it’s not very good security.
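The "URL or domain syntax" point above is the one a reader can actually check. Here is an added example, not from the paper or the CNET story, of what reading a link by syntax rather than by appearance looks like in code: it extracts the host a browser would really connect to, reduces it to its owner domain, and compares that against an allowlist. The allowlist (`TRUSTED_DOMAINS`), the sample links and the names `bank.example` / `attacker.example` (RFC 2606 reserved names) are all constructed for the example; the two-label "owner domain" rule is a deliberate simplification of the Public Suffix List.

```python
from typing import Optional
from urllib.parse import urlsplit

# Hypothetical allowlist: the domains this user actually has accounts with.
# Constructed for the example; uses RFC 2606 reserved names only.
TRUSTED_DOMAINS = {"bank.example"}


def real_host(url: str) -> Optional[str]:
    """Host a browser would actually connect to, per RFC 3986 syntax.

    urlsplit() treats anything before '@' in the authority as userinfo and
    stops the host at ':' (port), so decorative text in those positions is
    never mistaken for the host. Returns None when the URL has no authority
    component at all (e.g. a mailto: link).
    """
    return urlsplit(url).hostname


def owner_domain(host: str) -> str:
    """Crude 'registrable domain': the last two labels of the host.

    Good enough for the constructed single-label suffixes below; production
    code would consult the Public Suffix List so that e.g. 'co.uk' is handled.
    """
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def assess(url: str) -> dict:
    """Classify a link the way a syntax-aware reader would, not by appearance."""
    host = real_host(url)
    if not host:
        return {"host": None, "owner": None, "trusted": False,
                "decoy": False, "reason": "no host component in URL"}
    owner = owner_domain(host)
    trusted = owner in TRUSTED_DOMAINS
    # A trusted name appearing anywhere else in the link (subdomain label,
    # userinfo, path) while the owner is untrusted is exactly the
    # appearance-over-syntax confusion the study describes.
    decoy = (not trusted) and any(t in url.lower() for t in TRUSTED_DOMAINS)
    if trusted:
        reason = f"host {host} is owned by trusted domain {owner}"
    elif decoy:
        reason = f"a trusted name appears in the link, but host {host} is owned by {owner}"
    else:
        reason = f"host {host} is owned by {owner}, which is not trusted"
    return {"host": host, "owner": owner, "trusted": trusted,
            "decoy": decoy, "reason": reason}


if __name__ == "__main__":
    # Constructed sample links, not taken from the paper or the news story.
    samples = [
        "https://www.bank.example/login",
        "https://www.bank.example.attacker.example/login",
        "https://bank.example@attacker.example/login",
        "https://attacker.example/bank.example/login",
        "mailto:support@bank.example",
    ]
    for link in samples:
        print(f"{link}\n  -> {assess(link)['reason']}")
```

Only the first sample is owned by the trusted domain; the next three all display the trusted name somewhere the eye lands on it while the host is something else, which is the gap between "seeing" and "security" the post is about. Note that this check says nothing about whether a page shows a padlock or a logo; it looks only at the part of the link that determines where the connection goes.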
-jsq