Four out of 10 phishing sites fooled typical web users in a study carried out by US academics.
Researchers at Harvard University and the University of California, Berkeley, collected samples of phishing sites and then carried out a useability study in which 22 participants were asked to decide which ones were fraudulent. The survey found that participants made incorrect choices 40% of the time, with the most sophisticated phishing websites fooling 90% of participants.
One reason for the high deception rate was because 23% of participants did not pay attention to warning signals from the address bar in their browser or the security indicators, the study found.
Popup warnings about fraudulent certificates were also found to be ineffective: 15 out of 22 participants proceeded without hesitation...