A report in the Sydney Morning Herald on phishing and why it fools so many people:
The study conducted by Harvard University and Berkeley tested the responses of 22 participants to a range of websites, some fraudulent and some genuine. It found that a general lack of knowledge about security technologies made it easy to fool a large number of people.
"In our study, the best phishing site was able to fool more than 90 per cent of participants. Indicators that are designed to signal trustworthiness were not understood (or even noticed) by many participants," the report said.
Pop-up warnings about fraudulent certificates proved ineffective, with 15 out of 22 participants proceeding to the website without hesitation, while other basic security measures such as checking SSL certificates and inspecting the validity of the URL were overlooked altogether by 23 per cent of participants. Their key approach was to analyse the content of a webpage to determine legitimacy, leading them to make incorrect decisions 40 per cent of the time.
...via Digg
Posted by dcoates at April 03, 2006 09:45 AM