Researchers exploring why phishing continues to fool people asked 22 people to categorise 20 websites as either fraudulent or legitimate. They found 23% of participants did not look at browser-based security cues, leading to incorrect choices 40% of the time. They also found that some visual deception attacks can fool sophisticated users and concluded that because standard security indicators are often ineffective, alternative approaches are needed.