Phishing web sites are proliferating, and the largest target remains financial institutions. The best phishing site was able to fool more than 90 percent of the participants. Tricks include deceptive text, images masking text, or placing a faked browser window on or near a legitimate one. Users are unable to detect the difference between legitimate and fraudulent URLs, whether the email header is forged, and they show a lack of knowledge of their computer system, and also security and security indicators on their computers browser.”]
Source: https://www.cuinfosecurity.com/phishing-works-a-lessons-for-financial-institutions-a-407