‘Scam-spammers’ are messing with our minds

Even the most savvy can be stung by sophisticated social engineering attacks

Spammers and scammers know how to work the mind games that make even the most sophisticated and sceptical computer users fall for their tricks, a researcher says in a just-released report.

In an analysis of common email scams, Dr James Blascovich, a psychology professor at the University of California, Santa Barbara (UCSB), says that for all the software and “mental” filtering users apply, spam works, and always will.

“Some proportion of users are gullible, naive, irrational — the list of synonyms can go on and on,” says Blascovich. Gullibility, which he ties with naivete — sometimes about technology, sometimes about how legitimate organisations conduct business — is a major factor in the success of “scam-spam.” Even if just one-half of 1% of all email users are gullible and can be separated from $20, that’s a potential economy of US$5.5 billion (NZ$7.2 billion) in the US alone, claims Blascovich.

But even the cynical can be fooled into opening questionable email, Blascovich says, as he ticks off the motivational trickery that scam-spammers use. “Scam-spam works best by providing recipients with a sense of familiarity and legitimacy, either by creating the illusion that the email is from a friend or colleague, or providing plausible warnings from a respected institution,” he says.

Veteran email inbox wranglers will recognise both tactics, whether the message poses as a missive from a long-lost friend — or in the case of malware that spreads by hijacking victims’ address books, from someone you email daily — or looks like it originated with the recipient’s own bank.

“Perceived legitimacy attracts attention and the odds of one opening the email can increase dramatically,” says Blascovich.

But trading on familiarity and legitimacy is only the first step. “Once the victim opens the email, criminals use two basic motivational processes, approach and avoidance, or a combination of the two, to persuade victims to click on dangerous links, provide personal information or download risky files,” Blascovich says.

Generally, people are motivated to approach positive goals — winning the lottery, say — or to avoid unpleasant realities, such as losing a credit card. Scam-spammers play on both. Some people, Blascovich says, are more pre-disposed to the “approach” scenarios, while others lean toward “avoidance” situations.

The former are known as “promotion-focused” people, he says, and can be lumped together as individuals who want to get ahead.

They’re also the most likely to fall for scam spam that touts get-rich-quick schemes or capitalises on greed, such as the venerable Nigerian 419-type spam that offers to split millions for a small up-front cash fee.

Although Blascovich offered little practical advice for deflecting scam-spam — he suggested that “almost anyone” is gullible at times — he paraphrased an old adage: “In order to overcome their approach and avoidance tendencies, consumers must realise that if a message is either too good or too bad to be true, it probably is.”
