Washington, Sept 23 : Most Internet users cannot distinguish between genuine and false popup warnings messages, even after repeated mistakes, according to a new study by researchers at North Carolina State University.
Fake popup warnings are usually designed to trick users into downloading harmful software. "This study demonstrates how easy it is to fool people on the Web," said study co-author Dr. Michael S. Wogalter, professor of psychology at NC State.
In the study, led by psychology graduate student David Sharek and co-authored by undergraduate Cameron Swofford, the researchers analysed the responses of undergraduate students to real and fake warning messages while they did a series of search tasks on a personal computer connected to the Internet.
While the real warning messages simulated local Windows operating system warnings, the fake messages were popup messages were cropping up from an exterior source via the Internet.
The physical differences between the real and the fake messages were quite subtle, making it difficult for most participants to discern them.
Sixty-percent of the time, the subjects were fooled by the fake messages, hitting the "OK" button in the message box appearing on the screen despite being told that some of them could be false.
Wogalter said that the ways people responded could potentially open them up to malevolent software, such as spyware or a computer virus. Safer options, such as simply closing the message box, were infrequently chosen.
He pointed out that companies and other credible entities may want to incorporate additional unique features into the real messages to allow people to differentiate between genuine warning messages and fake popups.
However, he said: "I don't know if you could develop a legitimate message that could not be duplicated and used illegitimately."
Wogalter says the results of the study highlight the need to educate Internet users to be cautious.
"Be suspicious when things pop up. Don't click OK - close the box instead," he said.