New study highlights risk of fake popup warnings for Internet users

Sep 22, 2008

A new study by researchers at North Carolina State University shows that most Internet users are unable to distinguish genuine popup warnings messages from false ones – even after repeated mistakes. The fake ones were designed to trick users into downloading harmful software.

"This study demonstrates how easy it is to fool people on the Web," says study co-author Dr. Michael S. Wogalter, professor of psychology at NC State. The study examined the responses of undergraduate students to real and fake warning messages while they did a series of search tasks on a personal computer connected to the Internet. The real warning messages simulated local Windows operating system warnings, whereas fake messages were popup messages emanating from an exterior source via the Internet.

The physical differences between the real and the fake messages were subtle, and most participants did not discern them. Participants were fooled by the fake messages 63 percent of the time, hitting the "OK" button in the message box when it appeared on the screen despite being told that some of what they would be seeing would be false.

The ways people responded could potentially open them up to malevolent software, such as spyware or a computer virus, Wogalter says. Safer options, such as simply closing the message box, were infrequently chosen. The study was led by psychology graduate student David Sharek and co-authored by undergraduate Cameron Swofford.

Wogalter notes that companies and other credible entities may want to incorporate additional unique features into the real messages to allow people to differentiate between genuine warning messages and fake popups. However, he says, "I don't know if you could develop a legitimate message that could not be duplicated and used illegitimately."

Wogalter says the results of the study highlight the need to educate Internet users to be cautious. "Be suspicious when things pop up," Wogalter says. "Don't click OK – close the box instead."

Source: North Carolina State University

Explore further: Angry Bitcoin investors demand answers at Tokyo creditors' meet

add to favorites email to friend print save as pdf

Related Stories

Hackers take over Israel army Twitter account

Jul 04, 2014

Internet hackers briefly took over an Israeli army Twitter account, the military said Friday, posting an alarming message that a nuclear facility had been hit by rocket fire.

Report says NSA intercepts computer deliveries (Update)

Dec 29, 2013

A German magazine lifted the lid on the operations of the National Security Agency's hacking unit Sunday, reporting that American spies intercept computer deliveries, exploit hardware vulnerabilities, and even hijack Microsoft's ...

Tech Tips: Guide to protecting Internet accounts

Dec 05, 2013

Security experts say passwords for more than 2 million Facebook, Google and other accounts have been compromised and circulated online, just the latest example of breaches involving leading Internet companies.

Recommended for you

Google made failed bid for Spotify

6 hours ago

Internet titan Google tried last year to buy streaming music service Spotify but backed off for reasons including a whopping price tag, the Wall Street Journal reported on Tuesday.

Thieves got into 1,000 StubHub accounts

6 hours ago

(AP)—Cyber thieves got into more than 1,000 StubHub customers' accounts and fraudulently bought tickets for events through the online ticket reseller, a law enforcement official and the company said.

Putin signs law seen as crimping social media

18 hours ago

President Vladimir Putin on Tuesday signed a law requiring Internet companies to store all personal data of Russian users at data centres in Russia, a move which could chill criticism on foreign social networking ...

User comments : 0