You've Been Warned: An Empirical Study of the Effectiveness of Web Browser Phishing Warnings

Source: Carnegie Mellon University

Many popular web browsers now include active phishing warnings, since research has shown that passive warnings are often ignored. This laboratory study examines the effectiveness of these warnings and if, how, and why they fail users. It simulated a spear phishing attack to expose users to browser warnings. It found that 97% of sixty participants fell for at least one of the phishing messages sent to them. However, it also found that when presented with the active warnings, 79% of participants heeded them, which was not the case for the passive warning tested, where only one participant heeded the warnings. Using a model from the warning sciences, the study analyzes how users perceive warning messages and offers suggestions for creating more effective phishing warnings.
Format: PDF
Size: 1407.50
Date: Apr 2008