The two of them teamed up to show how "the success of many attacks on computer systems can be traced back to the security engineers not understanding the psychology of the system users they meant to protect." They maintain that some patterns remain the same across offline and online hustles, and that some victim behaviors mirror each other.
They assert that the human element is very often the weakest link when it comes to protecting a system, and that security engineers should delve into victim psychology to prevent their end users from becoming victims.
The paper is divided into two parts. The first consists of a dozen scam scenarios that have been documented for the aforementioned TV show. The second focuses on the lessons that can be drawn and the principles that can be learned from them:
1. The Distraction principle - While you are distracted by what retains your interest, hustlers can do anything to you and you won’t notice.
2. The Social Compliance principle - Society trains people not to question authority. Hustlers exploit this “suspension of suspiciousness” to make you do what they want.
3. The Herd principle - Even suspicious marks will let their guard down when everyone next to them appears to share the same risks. Safety in numbers? Not if they’re all conspiring against you.
4. The Dishonesty principle - Anything illegal you do will be used against you by the fraudster, making it harder for you to seek help once you realize you’ve been had.
5. The Deception principle - Things and people are not what they seem. Hustlers know how to manipulate you to make you believe that they are.
6. The Need and Greed principle - Your needs and desires make you vulnerable. Once hustlers know what you really want, they can easily manipulate you.
7. The Time principle - When you are under time pressure to make an important choice, you use a different decision strategy. Hustlers steer you towards a strategy involving less reasoning.
Of course, the paper explains all these principles extensively and gives examples that show the validity of the authors' reasoning. The entire paper is extremely interesting. Read it to gain some insight into the psychological mechanisms that could make you and others victims of real-world and online scams, because knowledge is power.