April 26, 2006
Tuesday - Security - 16:30 - Room 516C
This paper session on security concentrated primarily on phishing and on the social issues surrounding encrypted e-mail. First, Rachna Dhamija of Harvard presented a phishing study addressing why users are deceived. Shirley Gaw then presented a study from Princeton that looked at why encrypted e-mail is not being used, despite its benefits. Finally, Rob Miller presented a user study from MIT that analyzed popular security toolbars.
Rachna Dhamija first displayed a couple of websites and asked the audience to determine whether each site was real or a phishing site. The audience was able to guess that the first site (eBay) was real; however, a lot of the audience was fooled by the second screenshot, a PayPal spoof site.
The "Why Phishing Works" study evaluated over 200 phishing attacks and resulted in a list of reasons why users are fooled. Users are primarily fooled for two reasons: lack of computer knowledge and visual deception. The study introduced some new reasons why users are fooled, including lack of knowledge of security and lack of knowledge of web fraud. Phishing sites achieve visual deception through images and windows.
Shirley Gaw then led the discussion on encrypted e-mail. First, she presented the idea that usability is prohibiting adoption of encrypted e-mail. While prior studies support this idea, this study went a step further and looked at the social meaning attached to encryption. According to the study, even people who know how to use encrypted e-mail do not always do so. People do not see a need to encrypt everyday messages, and feel that they need to justify using it.
Finally, Rob Miller presented a study by Min Wu of MIT that looked at security toolbars including Netcraft, Trustbar, Spoofguard, the eBay toolbar, and Spoofstick. The study grouped these toolbars into several categories: neutral information toolbars (e.g. IP address, website address), system decision toolbars (i.e. “this site is bad”), and SSL verification toolbars. The study found that no type of browser toolbar works effectively. The study has led to the development of the Web Wallet, which will be a browser-integrated solution to maintain and carefully disseminate user information.
An audience member from Mozilla was present and thanked the presenters for their work. He assured them that Mozilla is concerned with these issues and will use the data.
Posted by sv6 at April 26, 2006 10:16 AM
