What Phishers Can Teach You - What Does This Mean?
(Page 4 of 4 )

Two of the author’s hypotheses were supported by the results of the study. First of all, it showed that participants were tripped up “because they lacked knowledge of how computer systems worked and did not have an understanding of security systems and indicators.” Many participants were also fooled by visual tricks used by phishers to convince them their sites were genuine. (Remember, the study’s design precluded any chance to prove that lack of attention was a cause of users falling victim to phishing attacks).

The authors added two other hypotheses, based on the results of the study, as to why web surfers fall for phishing attacks. One was lack of knowledge of web fraud. If a user doesn’t know that web sites can be spoofed, he or she won’t have any reason to be suspicious. The other hypothesis is that many users’ knowledge of security is in error. The authors cited a number of misconceptions the study participants held as to what features indicate a web site is legitimate. These included “professional-looking images, animations, and ads.” Likewise, some participants distrusted legitimate web pages because they lacked such indicators.

So what does this mean for web site designers? Well, it suggests that a different approach needs to be taken as far as creating secure web sites. Certainly, education is in order, not only for what signals a secure web site, but what doesn’t. Otherwise, legitimate organizations can find themselves judged to be less than trustworthy even when they “follow security precautions, such as allowing users to only login from dedicated SSL protected pages.”

DISCLAIMER: The content provided in this article is not warranted or guaranteed by Developer Shed, Inc. The content provided is intended for entertainment and/or educational purposes in order to introduce to the reader key ideas, concepts, and/or product reviews. As such it is incumbent upon the reader to employ real-world tactics for security and implementation of best practices. We are not liable for any negative consequences that may result from implementing any information covered in our articles or tutorials. If this is a hardware review, it is not recommended to open and/or modify your hardware.

Comments On: What Phishers Can Teach You

· I thought the research was rather eye-opening. Thanks for reading. Feel free to...    · Great article as always Terri.I'm wondering if you have thoughts about the...    · Thanks Caroline! Well, I wouldn't extrapolate to little dancing bears on your...   >>> Post your comment now!