Scary stuff.
Link: Why phishing catches punters | The Register.
Users fixate on the weirdest things
The site that fooled all but one participant in the study was for Bank of the West (that’s a link to the real website … or is it?). On that site was a cute animated video of a bear. Evidently that tickled a number of the users who reloaded the page several times to see that animated bear. In fact, some of the participants said that the animation was proof that the site was legit, since it would take too much effort to copy it!
The ordinary folks in the study also figured that if a site has ads on it, then that increases the likelihood that it’s not a fake. Likewise, the presence of a favicon (the little icon that appears in the address bar to the left of the URL) was deemed indicative of a site that was not out to steal your money and identity. Amazing what people glom onto.
One reply on “Why phishing catches punters – The Register”
It used to be easy to spot spam and hacking/phishing email because there would always be a grammar or spelling mistake (rather like ignoring virus warnings in ALL CAPS). The converse is that you presume any site done professionally is professional, when it might just be stealing professional content. Just thinking about how tools like the IE 7 phishing filter work (http://www.regdeveloper.co.uk/2006/06/06/getting_ie7_right/ and http://marypcb.livejournal.com/184445.html) makes my head feel like I’m following a design plan by Escher.