Phish Phodder: Is User Education Helping or Hindering

Mostly, security professionals can spot a phish a mile off. If they do err, it's usually on the side of caution, for instance when real organizations fail to observe best practice, and generate phish-like marketing messages. Many sites are now addressing the problem with phishing quizzes, intended to teach the everyday user to distinguish phish from phowl (sorry). Academic papers on why people fall for phishing mails and sites are something of a growth industry. Yet phishing attacks continue to increase, and, while accurate and up-to-date figures for financial loss are hard to come by, indications are that losses from phishing and other forms of identity theft continue to climb.