A recent study (Rachna Dhamija, J. D. Tygar and Marti Hearst) has shown how frequently people were fooled into thinking that sites were legitimate, where in fact they were spoofs. Research had previously indicated that upto 5% of webusers have at some point given details to “phishing” sites.
This particular study used 22 volunteers and 20 sites (7 real, 13 spoof). The ways in which some used to judge whether a site was legitimate or not was a little worrying. For example, the login page of “Bank of the West” (a spoof version of which was used), fooled 20 of the 22 participants. For 2, it was the animation of the bear that fooled them – they didn’t think that a spoof site would bother to recreate an animation. Those tell tale signs, that are often pointed out in the press etc (e.g. Https , padlock etc ) just weren’t seen as important. A little worrying.