I don’t buy this study. This would indicate that out of a billion users, over 100 million have fallen for a phishing scam. While plenty of people fall victim to phishing attacks, it’s nowhere near that number.
One in 10 internet users may be lured into handing over sensitive personal information such as a credit card number, by fraudulent “phishing” emails, research suggests…
Previous studies, including a telephone survey conducted by US research company Gartner in 2004, have indicated that about 5% of all internet users have fallen for phishing messages.
But Markus Jakobsson and Jacob Ratkiewicz at Indiana University, US, suspected this was an underestimation. They reasoned that some survey participants may not have realised that they have been stung by a phishing scam, or may simply be too embarrassed to admit to it.
The research methodology is interesting: This team actually created a fake phishing site to see who would respond.
New Scientist article, link here. More at beSpacific, including a study on ethical phishing experiments.