Friday, December 18, 2009

Scam victims and software security

When both DailyDave and Bruce Schneier point to a paper, you can bet it's going to be very interesting. So if you are at all interested in software security, run, don't walk, to this paper by Stajano and Wilson: "Understanding scam victims: seven principles for systems security".

The seven principles are psychological aspects of human behavior which provide vulnerabilities that scammers and other bad guys exploit:

  • Distraction: While you are distracted by what retains your interest, hustlers can do anything to you and you won't notice.

  • Social Compliance: Society trains people not to question authority. Hustlers exploit this "suspension of suspiciousness" to make you do what they want.

  • Herd: Even suspicious marks will let their guard down when everyone next to them appears to share the same risks. Safety in numbers? Not if they're all conspiring against you.

  • Dishonesty: Anything illegal that you do will be used against you by the fraudster, making it harder for you to seek help once you realize you've been had.

  • Deception: Things and people are not what they seem. Hustlers know how to manipulate you to make you believe that they are.

  • Need and Greed: Your needs and desires make you vulnerable. Once hustlers know what you really want, they can easily manipulate you.

  • Time: When you are under time pressure to make an important choice, you use a different decision strategy. Hustlers steer you towards a strategy involving less reasoning.

It would be great if the BBC would release the TV show episodes on DVD; I'd really enjoy watching them, I think.
