PC World: Technology Advice You Can Trust
Today at PC World
News, opinion, and links from the PC World staff.
Tuesday, April 25, 2006 3:06 PM PT Posted by Emru Townsend

Study Says Anti-Phishing Toolbars Work -- If You Do

CHI 2006's last presentation on security contained a mixture of good and bad news. Rob Campbell (who was at pains to say that he was only presenting the work of his student Min Wu, who couldn't make it) gave us details on a study that was conducted to see if browser toolbars designed to thwart phisher attacks actually worked.

The MIT study's scenario went something like this: thirty people were given the role of a personal assistant who had to shop for certain items, based on instructions and URLs sent by their employer via e-mail. Their job was to keep their boss happy and, while they were at it, not let his personal information get stolen. As in the Harvard study I mentioned, they were warned ahead of time that the people running the study would be trying to fool them.

The good news is that the anti-phishing toolbars used in the study worked perfectly, correctly identifying fake sites. The bad news is that the people in the study often ignored the toolbars' warnings. (The really bad news: 20 of the participants were MIT students.) Why ignore them? It turns out that many of the MIT study's findings corroborated those from the Harvard study: faith in snazzy-looking sites, an inability to properly parse URLs, and so on. But the most interesting reasons were the rationalizations users came up with, especially this nugget: one person felt the toolbar's threat assessment was probably inaccurate because her e-mail's spam filter regularly reports false positives.

My curiosity is now officially piqued. Do you use anti-phishing utilities? If so, do you believe what they tell you? And do you have similar stories?

Comments

Yes, I use two anti-phishing utilities. One is something I called "common sense". (Bear in mind, there's really no such thing as common sense, because "common" means everyone has it and everyone doesn't). I don't respond at all to email requests for personal information of any kind.
The other tool I use is a site advisor plugin, and yes, I do follow its recommendations.

Toulinwoek
April 26, 2006
6:17 AM PT

Common Sense is key, but it does help to have a toolbar.
I use CallingID toolbar, most of the time I don't need to pay attention to it (I don't even notice it when it's green) but occasionally I stumble into a bad Internet neighbourhood and then the Red CallingID bar catches my eye and I double check.

It's not a replacement for common sense, it's just more a warning bell for it.

Clair Pathun
April 26, 2006
7:45 AM PT

Yes, ignoring phishing alerts is like ignoring the oil light in your car. Eventually you're going to get burned. I use the EarthLink toolbar that includes ScamBlocker.

Jay Mecredy
April 27, 2006
7:43 AM PT