Why phishing catches punters – The Register

Scary stuff.

Link: Why phishing catches punters | The Register.

Users fixate on the weirdest things

The site that fooled all but one participant in the study was for Bank of the West (that’s a link to the real website … or is it?). On that site was a cute animated video of a bear. Evidently that tickled a number of the users who reloaded the page several times to see that animated bear. In fact, some of the participants said that the animation was proof that the site was legit, since it would take too much effort to copy it!

The ordinary folks in the study also figured that if a site has ads on it, then that increases the likelihood that it’s not a fake. Likewise, the presence of a favicon (the little icon that appears in the address bar to the left of the URL) was deemed indicative of a site that was not out to steal your money and identity. Amazing what people glom onto.



  1. It used to be easy to spot spam and hacking/phishing email because there would always be a grammar or spelling mistake (rather like ignoring virus warnings in ALL CAPS). The converse is that you presume any site done professionally is professional, when it might just be stealing professional content. Just thinking about how tools like the IE 7 phishing filter work (http://www.regdeveloper.co.uk/2006/06/06/getting_ie7_right/ and http://marypcb.livejournal.com/184445.html) makes my head feel like I’m following a design plan by Escher.

