63% users fail to spot fake pop-ups

[Lt-DavidW]

Internet users are unable to distinguish between genuine pop-up warnings messages and false ones, a study at North Carolina State University has found.

The study examined the responses of undergraduates to messages which popped up while they did other tasks on a PC.

Seeing the pop-ups as a mere annoyance the majority clicked 'OK'.

Fake pop-ups are a well-known vehicle for cyber-criminals to install harmful software on PCs.

"This study demonstrates how easy it is to fool people on the web," said co-author Michael Wogalter, professor of psychology at North Carolina State University.

"Be suspicious when things pop up. Don't click OK - close the box instead," said Dr Wogalter."

Legitimate message

Participants were fooled by the fake messages 63% of the time, even when warned that some of what they would be seeing would be false.

It suggests that the wording on genuine messages needs to be rethought, said Dr Wogalter.

"I don't know if you could develop a legitimate message that could not be duplicated and used illegitimately," he said.

Tony Neate, managing director of the UK's Get Safe Online campaign advised users to install a pop-up blocker.

"Browsers and most anti-virus software offers them. Pop-ups are either downloading something malicious or trying to sell me something so I just don't want them there at all," he said.

Source: BBC News

[sbauer]

Have to say I agree with this. I can't tell you how many calls I get from people saying that a message popped up telling them that they had 1,500 viruses on their computer. Meanwhile, their virus scanner subscription expired a few years ago.

[SuperKid]

Most of them have the XP Style if the user is a vista user then they might relise it is fake as your not really going to get an XP Style popup on a vista aero theme.

[ANON86364]

It's stupid ignorance of end users that causes this. People need to take the two seconds to actually read what is in front of their face instead of clicking the "X" or "OK". It's true, countless infections are caused by the end user being too ignorant to use a computer. It's quite sad.

Most of them have the XP Style if the user is a vista user then they might relise it is fake as your not really going to get an XP Style popup on a vista aero theme.

Not always true. Many pop-ups are ads prompted by the site you are visiting and use the GUI of your OS to display itself, so many pop-ups would look just the same as any window in Vista and XP.

Edited September 24, 2008 by lord_xenos

[xXTOKERXx]

^^ Man that's just a bit OTT

As an experienced computer user these things stick out like a sore thumb, but with 63% of people clicking them by mistake kinda suggests that it's a common problem and not just a error of judgement.

It really is easy to fall for, unless you know how windows displays every single error message and that it won't be apart of the IE shell.

[tom01]

I find popup blockers out of date now in my opinion, it's time web browsers block these URL's by default. If sites like zedo.com want to be intrusive with Javascript then why should we allow it in the first place. Google doesn't do it with their advertisements, why should they?

If someone on the street came up to you saying "BUY THIS, BUY THIS" and started jumping up and down around you then something would be done about it. It should be the same with the Internet.

[Dc'1]

I can easily tell the difference between a popup and a legit message lol. Because most of them look more and more real I can see why people click them, but if your cursor changes while you are anywhere on the box don't click :| lol.

[+Audioboxer Subscriber²]

My mum used to fall for these :laugh:

Can someone actually tell me, are these kind of popups completely legal?

Some of them are pretty damn deceiving (fake virus scans that actually look like a running application, ect).

[markwolfe Veteran]

...

It's true, countless infections are caused by the end user being too ignorant to use a computer. It's quite sad.

...

Let me clarify that statement a bit. "to use a Windows computer".

Until such a time that Apple takes a significant enough share to warrant these spoofed popup assaults on naivete, it is a relatively safe computing platform for those who tend to be inexperienced (I prefer that over the term "ignorant" ) with computers in general.

If the up-front cost of buying an Apple computer is daunting or prohibitive, a knowledgeable family member can set up their inexperienced relative or friend with a handy limited user account, and withhold the admin password. This, obviously, has to be done with the computer user's permission (one does not have the right to essentially take over someone else's PC without their permission and understanding).

But those are examples of the types of steps needed to protect people from themselves.

[thealexweb]

Not a big suprise, most people just keep clicking and when one of these comes up they want to get rid of it as quickly as possible.

[MrChainsaw]

Wow, I didn't think 63% of the users falls for them, I thought it would be something like 7%.

[Soldiers33]

whoever clicks on those ads are complete idots.

[bigmehdi]

I already clicked once, in these kind of banners.

But I pressed the "no" button, and result was exactly same as pressing yes.

Then I realized it was banner, and became more careful.

[White Cuban]

It's stupid ignorance of end users that causes this. People need to take the two seconds to actually read what is in front of their face instead of clicking the "X" or "OK". It's true, countless infections are caused by the end user being too ignorant to use a computer. It's quite sad.

Not always true. Many pop-ups are ads prompted by the site you are visiting and use the GUI of your OS to display itself, so many pop-ups would look just the same as any window in Vista and XP.

i think you mean the oppisite, i would consider myself an end user, and i never read browser popups, because i dont get any, and if i do, i never click, i usally put my mouse over it though to see if its all flash, because flash ads = 100% crapware aomost always.

Theres hardly any legitimate posts, unless im on a forum or so,and think its maybe a new message, i dont click.

[PatrynXX]

Source: BBC News

Most annoying popup's to me aren't these fake ones. but the ones where they have a fake X I hit the X to get rid of the window and off it goes to the site. Try to use Opera just for those, but even Opera can't fix all of those.

[markwolfe Veteran]

I am sure John McCain...

Ugh.

Please don't bring politics garbage into the cleaner, more reasoned sections of Neowin.

[John S. Veteran]

^^ (Y)

thread cleaned

[+Gary7 Subscriber²]

Ugh.

Please don't bring politics garbage into the cleaner, more reasoned sections of Neowin.

+1000

[ANON86364]

Let me clarify that statement a bit. "to use a Windows computer".

Until such a time that Apple takes a significant enough share to warrant these spoofed popup assaults on naivete, it is a relatively safe computing platform for those who tend to be inexperienced (I prefer that over the term "ignorant" ) with computers in general.

If the up-front cost of buying an Apple computer is daunting or prohibitive, a knowledgeable family member can set up their inexperienced relative or friend with a handy limited user account, and withhold the admin password. This, obviously, has to be done with the computer user's permission (one does not have the right to essentially take over someone else's PC without their permission and understanding).

But those are examples of the types of steps needed to protect people from themselves.

Call it what you want, be it ignorance, stupidity, uninformed, or inexperienced. It all results in infections on the user's PC. Yes I said PC. I know Macs are less likely to be targeted for the reasons you already stated. I've met many people from both sides of the spectrum. Some have enough common sense to decipher a false pop-up, others aren't so fortunate and constantly go to the wrong sites, and click the wrong things. I do call it ignorance when a user does not pursue knowledge of what they are actually doing and what they can do to prevent what they know happens to "inexperienced" users (ie. infections). As a user of a PC and being on the Internet, I believe it is a responsibility this day in age to be informed.

Edited September 24, 2008 by lord_xenos

[ESC@PE]

lol @ the Antivirus 2009 popup

clicking that makes for a fun time trying to get it off afterwards

[ANON86364]

lol @ the Antivirus 2009 popup

clicking that makes for a fun time trying to get it off afterwards

Very true. The trick is to catch it as soon as it happens. I've been lucky a few times when the user knew they screwed up as soon as they clicked on the pop-up. They call me and I fix it up quickly. I've also been not so lucky...having clients wait a week before finally noticing something's not right.

[tom01]

No, the trick is to prevent it.

[t3rminus]

Seriously though. When confronted with a pop-up such as in my example below, what choice would most users have? Using simple javascript, it could be made to mimic whichever OS it was running on, and even appear in a modal way, not allowing access to the site behind it until Ok is pressed.

[ANON86364]

No, the trick is to prevent it.

Of course you or I could prevent it, but we can't always be there to prevent the typical end user from clicking what shouldn't have been clicked.

[tom01]

Of course you or I could prevent it, but we can't always be there to prevent the typical end user from clicking what shouldn't have been clicked.

That makes you point a finger at somebody else! Why are ISP's not looking at ways to cut off these websites? Why doesn't Microsoft implement such a thing to Windows Defender, why doesn't I.T repair guys do a proper job instead of just cleaning.

I just believe that a good 70% of infections could be prevented by URL filtering.

Why isn't something being done? Money.