Why Phishing Works – Lessons for Financial Institutions

Would your customers recognize and detect a well-designed phishing site that was targeting them? The unfortunate answer is probably not. Phishing websites designed with high credibility fooled a high percentage of participants in a recent study. “Why Phishing Works,” a white paper authored by researchers from Harvard and UC Berkeley, illuminates the problems of deterring phishing that all financial institutions face.

What about those tell-tale cues that web surfers are told to look for? They are not always the answer: the same study showed that more than 20 percent of participants didn’t look at the address bar or other security indicators that would have tipped them off that they were looking at a bogus website.

Other findings in the white paper showed that many users are unable to tell legitimate URLs from fraudulent ones or to detect whether an email header is forged, and that they lack knowledge of their computer systems and of security and the security indicators in their browsers.

The whitepaper’s research revealed that the use of visual deception by phishers causes many savvy users to fall prey. Tricks include deceptive text, images masking text, images that mimic browser windows or dialogue windows, or placing a faked browser window on or near a legitimate one.

Participants in the research study were shown websites that appeared to belong to financial institutions and e-commerce companies; some were spoofed and some were real. The results showed that the best phishing site was able to fool more than 90 percent of the participants.

Phishing websites are proliferating, and the largest target remains financial institutions. “Why Phishing Works,” a white paper authored by researchers from Harvard and UC Berkeley, is a must-read for all financial institutions.

Download the report now: https://www.bankinfosecurity.com/whitepapers.php?wp_id=97


About the Author

Linda McGlasson


Managing Editor

Linda McGlasson is a seasoned writer and editor with 20 years of experience in writing for corporations, business publications and newspapers. She has worked in the Financial Services industry for more than 12 years. Most recently Linda headed information security awareness and training and the Computer Incident Response Team for Securities Industry Automation Corporation (SIAC), a subsidiary of the NYSE Group (NYX). As part of her role she developed infosec policy, developed new awareness testing and led the company's incident response team. In the last two years she's been involved with the Financial Services Information Sharing Analysis Center (FS-ISAC), editing its quarterly member newsletter and identifying speakers for member meetings.



