Wednesday, April 05, 2006

Phishing and stopping phishing

Bruce Schneier points to a interesting paper out of Harvard and Berkeley called "Why Phishing Works" (PDF).

It is a light paper that reports on a usability study where people tried to determine whether certain websites were spoofs or real. The failure rates were dismally high even for expert computer users.

The paper concludes by calling for loud, obvious indicators that a site may be fake placed directly in the user's center of attention. Anything else, the paper says, is likely to be ignored.

That is the path new anti-phishing tools appear to be taking. The anti-phishing warning in GMail, for example, is loud and obvious. The planned Microsoft Phishing Filter for IE7 also looks like it will make the warnings hard to ignore by refusing to display spoofed websites.

Update: Justin Voskuhl at Google Kirkland just announced on the official Google Blog that the latest version of the Google Toolbar for Firefox now has an integrated anti-phishing feature.

1 comment:

Anonymous said...

Google's phishing filter plugin for firefox fades out the rest of the page and has a big bubble thing.