(MSPAlliance) – Friday, April 21, 2006 – A recent Harvard University and University of California Berkeley survey showed that a good fake Web site, also known as a phish, fooled 91 percent of participants. The Web site was a spoof of Bankofthewest.com, with a URL reading “www.bankofthevvest.com,” and tested as the most reliable out of a sampling of both real and phish Web sites.
The survey found that Web-savvy people were fooled just as easily as those unfamiliar with the Web. Most people paid minimal attention to the normal indicators of fake Web sites, such as the address bar, the status bar, or the security indicators, with 23 percent of those surveyed not even looking at them. Other phish sites that fooled a majority of those surveyed included several fake PayPal sites and a fake Etrade site.
Some legitimate Web sites that follow security precautions, such as allowing users to log in only from dedicated SSL secure pages, were judged as less trustworthy than the phish sites. The survey held that people tended to focus more on animated graphics, design touches and pictures than reading URLs and looking for SSL indicators. The researchers concluded that instead of focusing primarily on cryptographic security, Web site designers should focus on “what humans do well and what they do not well.”