Paper on why Phishing works

Here's an interesting paper written by Rachna Dhamija, J.D Tygar, and Marti Hearst on Why Phishing Works.

"This study illustrates that even in the best case scenario, when users expect spoofs to be present and are motivated to discover them, many users can't distinguish legitimate websites from a spoofed website. In our study, the best phishing site was able to fool more than 90% of participants"