Two separate studies released earlier this week came to the same conclusion: Web users are too casual and absentminded when it comes to their personal security online.
Researchers at Harvard University and the Massachusetts Institute of Technology released a draft of a study on Sunday indicating that users of online banking sites disregard the security measures put in place to protect them. Specifically, the findings cast a dark shadow on the confidence that users and banking institutions can place in site-authentication images, which are used by large financial institutions such as Bank of America, Vanguard Group, and ING Bank.
Three tests were given. The first was the removal of the HTTPS indicator in the address bar and the lock that appears in the bottom right of Internet Explorer 6. Of the 67 participants in the study, none spotted the absence of the HTTPS in the address bar. All 67 continued with their transactions despite this indicator.
The second test involved the removal of the site-authentication image, in addition to the removal of the HTTPS indicator. Of the 67 participants, only two realized the absence of the site-authentication image and chose not to log in. Of the users who were using their own bank account for the study, 23 of 25 proceeded to enter their passwords.
The third and final test replaced a password-entry page with a warning page from IE7 Beta 3, indicating a problem with the security certificate of the Web site. Regardless, 30 of 57 users continued to enter their passwords.
The researchers said that this was the first major study into the effectiveness of site-authentication images, and concluded that they are “ineffective.”
Another study released by Iconix indicated that of the 59 million phishing e-mail messages sent each day, up to 10 million are opened by their recipients.
Eight categories were considered, with fake social-network-related messages seeing a 24.9% open rate, while fake e-cards had a 17.1% open rate, and fake payment messages received a 16.2% open rate. Phony financial, auction, information, retail, and dating messages also had relatively high open rates. Overall, open rates for these fake e-mail messages ranged from 1 in 4 to 1 in 10.
Fake financial and payment e-mails had the highest volume, but not the highest open rates.
This study was conducted by observing the e-mail behavior of 10,557 participants from May to October of 2006.
These conclusions are worrisome, as malicious deceivers become craftier and more targeted in their approaches. Their schemes will continue to be effective so long as the general public remains uneducated about simple causes for concern that should be obvious to the naked eye.
Sources:
http://news.yahoo.com/s/infoworld/20070205/tc_infoworld/
85759;_ylt=Aq_exiZ_AFo0H5Xi100alkD6VbIF;_ylu=
X3oDMTBjMHVqMTQ4BHNlYwN5bnN1YmNhdA--
http://clickz.com/showPage.html?page=3624876
Digg 
