Why Phishing Attacks Are Successful

Most computer users are not computer experts. While they are somewhat capable of recognizing real-life deception attempts, they do not always know how to protect themselves from similar attempts online.

In order to avoid Phishing attempts, one should pay attention to many small details. However, it is probably not feasible to expect all the users to manually compare each URL they are accessing to the real server's URL, etc.

Many Phishing attacks rely on this. For example, not many users will notice the difference between the following 'real' URL:


and the following 'forged' URLs:


In addition, in most Phishing attacks, the web page served by the attacker's machine is very similar, if not identical to the real server's web page.

The user is expected to notice the small 'lock' icon (which differs in shape and location in different browsers) which indicates that a connection is 'secure'. However, research shows that many people will attempt to login even if this indicator is missing. Not many people will notice or pay attention to the difference between a preceding 'http:' and 'https:' in a URL.

Another problem is over-relying on SSL security. It can be assumed that the protocol itself is tamper-safe and that the used encryption algorithms cannot be easily broken. However, this does not prevent Phishing attempts, as it is fairly easy for the attacker to obtain a certificate for his fraudulent domain, and act as an SSL 'bridge' between the user and the real server. SSL only protects the user's private information once a connection is established with the real server.

Relying on the alertness of the user is not a good solution to Phishing. The user's computer, however, can automatically detect any discrepancy. This is the basis for the Saphe-plugin idea (see solution details for more information).

Back to main Saphe project page

Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-NonCommercial-ShareAlike 3.0 License