[EAS] Big Phish Eat Little Fish

Peter J. Kindlmann pjk at design.eng.yale.edu
Thu Apr 6 00:44:32 EDT 2006

A dismayingly wide-spread susceptibility to phishing continues to
feed the unscrupulous.  --PJK

(from Edupage, April 05, 2006)

A new paper published by three academics tries to explain why, after
all the press about phishing scams, so many computer users continue to
fall for them. "Why Phishing Works," written by Rachna Dhamija of
Harvard University and Marti Hearst and J. D. Tygar of the University
of California at Berkeley, points out that despite a general awareness
of phishing rackets, most users are unable to discern the difference
between a legitimate Web site and one spoofed to look like the site of
a bank or other financial institution. In one exercise, the researchers
created a fake bank site that fooled 91 percent of subjects
participating in the experiment. Similarly, 77 percent misidentified a
legitimate E*Trade e-mail as fraudulent. Experts attribute some of the
problem to ignorance and some to users' not taking simple precautions,
such as looking closely at the address bar of Web pages. Bernhard
Otupal, a crime intelligence officer for high-tech crime at Interpol,
noted that in one recent phishing scam, a number of users went to a
site pretending to be that of a prominent bank and entered personal
information even though they were not even customers of that bank.
ZDNet, 3 April 2006
