Years ago, a friend introduced me to the concept of “phishing” – impersonating a legitimate business or authority on the Internet in attempts to steal personal information.  At the time, were were trying to play a prank on a childhood friend, but I never quite realized just how wide-spread the phenomenon has become.  Every few days I hear a new report of this bank or that social networking site being violated by malicious phishers, and part of me always questioned the reports.

For example, I always type my bank’s URL into the browser by hand.  I have links to Facebook stored on my homepage.  I skim through Google results for domains that mirror the meaningfulness of a result.  Then again, I’m a web developer and I take things like this for granted.

As evidenced by a recent ReadWriteWeb fiasco, it seems that quite a few Facebook users don’t actually know how to log in to Facebook.  Rather than pointing their browsers to Facebook’s homepage, they’ll enter “facebook login” into Google and hope for the best.  When this happened early last month, thousands of Facebook users found themselves reading a ReadWriteWeb article rather than updating their status.  It caused a lot of confusion, as shown by the thousands of confused reader comments.

Part of me finds this funny.  But part of me is still trying to figure out who is to blame.

There are a few people who are claiming it’s the users at fault for not paying attention to which website they were headed towards.  There are others who argue it’s the fault of developers as a whole for producing confusing and overly “helpful” user interfaces.  After giving it some thought, I tend to agree with both groups.

This is a cataclysmic failure of ui – “ui” in this case standing for both User Interface and User Intelligence.

On the one hand, developers should never give so much help to users that it becomes a hindrance in the future.  Google’s “I’m Feeling Lucky” feature lulls many people into a false sense of security – if I enter “facebook login” I’ll immediately and only be redirected to the legitimate Facebook website.  On the other hand, users of any form of technology should be expected to exercise a certain level of intellect when using it.

It’s failure on both parts that led to this problem in the first place.  I expect the same failures are the reason phishing is such a profitable black market business these days as well.  If ReadWriteWeb can accidentally gather up so many Facebook users ready and willing to enter their private account information, how hard would it be for a malicious developer to purposefully gather the same?  What if he or she instead targeted Bank of America?

I have to admit, I take a lot of things for granted when it comes to web design and the Internet.  Unfortunately, it appears many average users take even more for granted … and it puts them at a huge disadvantage.