Identity Theft - Don't Let the Dancing Pigs Fool You
What can we learn about identity theft from dancing pigs?
Dancing pigs and identity theft -- what could the two possibly have in common? As unlikely as it sounds, these two really are related. Learn how Internet users chose dancing pigs instead of staying safe on the Internet.
Dancing Pigs and Dancing Bunnies -- Where does it all end?
Not many people have heard of the dancing pig problem, or the dancing bunny or bear problem for that matter. Unless you happen to be involved in computer security, chances are this expression is new to you.
This expression came about when Edward Felten made the comment, "Given a choice between dancing pigs and security, users will pick dancing pigs every time."
Why the comment? Because time after time, Internet users have shown that they will choose fun over keeping their computer and personal information safe, and that they are easily tricked into choosing unsafe sites. To prove the point, three computer security specialists ran an experiment (1). What they discovered was surprising.
In the study, 22 participants viewed 20 websites and were asked to choose the spoof sites. Forty percent of the time, the users chose the spoof or dangerous sites. Some of the spoof sites contained animation, such as dancing bears, and a warning, but the participants chose them anyway. The results from this study proved that visual distraction fooled even the most sophisticated Internet users.
This study showed that even under the best circumstances, where users knew some sites were spoof sites and were supposed to pick them out, they were not able to. For most, 'cute' design and the level of detail convinced the users the sites were legitimate.
What Can We Learn from Dancing Pigs?
This study should teach us that even those of us who think we are computer savvy may not be. It should also teach us that we need to pay attention to browser-based clues to determine if a site is legitimate -- not the details on the page.
Avoiding identity theft doesn't have to be that difficult. To decide if a site is legitimate, check your address bar. The link and the site address should match. For example, if you receive an email from PayPal that includes a hyperlink, when you run your cursor over the link, the correct PayPal address should show up in your status bar at the top of the page. If another address shows up, the email and site are most likely not legitimate.
Do everything you can to avoid identity theft. Don't fall victim to phishing schemes sent out by cybercriminals and don't let yourself be fooled by clever design or animation. Do everything you can to educate yourself about identity theft to stay safe.
(1) Rachna Dhamija, J. D. Tygar and Marti Hearst, Why Phishing Works, to appear in the Proceedings of the Conference on Human Factors in Computing Systems (CHI2006), 2006.