You’ve been warned: An empirical study of the effectiveness of web browser phishing warnings

Researchers studied the effectiveness of web browser phishing warnings by targeting 60 study participants with simulated email phishing attacks. 97% of study participants clicked a link in at least one simulated phishing email. When then presented with a passive web browser warning, just 13% closed their browser window – a result not significantly different from offering no warning whatsoever. When presented with an active warning, 79% of participants heeded the warning. The researchers conclude in-browser phishing warnings should interrupt a user’s primary task.