Net-savvy surfers fall foul of online scams
26.06.2007
Cyber-criminals are becoming more sophisticated in how they try to get net users to part with their cash, resulting in experienced users and inexperienced users alike falling prey to online scams, new research from security software company McAfee has revealed.
Cyber-criminals are also taking advantage of the new trend of social networking sites to mine for personal information about potential victims to lull them into a false sense of security.
The research, conducted by Professor Clive Hollin, head of the School of Psychology at the University of Leicester, notes that cyber-criminals exploit psychological vulnerabilities of victims in much the same way that street conmen do, and have adapted these tactics to the digital age. A scam will usually present itself as a carrot-or-stick scenario, offering high rewards or else offering a way to avoid negative consequences.
The volume of online scams indicates that cyber-criminals are successful in ensnaring all sorts of users, not just inexperienced surfers.
"Given the right conditions in terms of the persuasiveness of the communication and the critical combination of situational and personal factors, most people may be vulnerable to misleading information. This point is true both for experienced and inexperienced computer users: while naivety may be a partial explanation, even sophisticated users can be deceived and become suggestible to misleading messages," said Hollin.
Scam emails or pop-ups fall into either the 'click here for a reward' or 'click here to avoid an unwanted event' category. The first type offers rewards such as personal and intimate relationships or financial gain, while the second prompts users to act to avoid negative repercussions, such as getting them to click on a link to access their online bank account by giving them the impression there has been unauthorised activity on the account, thereby directing them to a fake bank site where their login details are captured.
Typical scams pretend to offer ways to alleviate worries about body weight, sexual prowess and physical health and are becoming more insidious. Spam emails in recent months have adopted an informal, conversational tone along the lines of: "I don't want to be the one to tell you this but people in the office have been talking about your weight…" By preying on people's anxieties, scammers hope to make them more suggestible.
Other scams play on users' embarrassment by offering products they'd rather not buy in a face-to-face situation, such as erectile dysfunction pills.
Some work by plain old curiosity. The McAfee research revealed that in an experiment more than 400 net users clicked through on an online ad that promised to infect their computer upon clicking the link. Presumably the users clicked through out of curiosity to see what a virus actually looks like.
Cybercriminals are also utilising world events to lend an air of authenticity to their scams, piggybacking on emotional or worrisome events that make the headlines. Often these events will form the subject line of the scam email.
Another threat comes from spam software that can pull the names from address lists off messenger accounts. Cyber-criminals can use these addresses to target unsuspecting users and get them to divulge information or download malware; victims believe the mail comes from a friendly source.
Another new technique used by fraudsters is to 'scrape' personal information and contacts from social networking sites such as MySpace, Bebo and Facebook and sell them to be used in mass spam attacks.
The McAfee report identified the main types of users that could become the victim of cyberfraud: newcomers to the web, who may have a trusting attitude to emails received, especially from a perceived reliable source; bargain hunters, those who act on what they see as easy gains or excitement; tech friends, prolific users of the internet who may become blasé about the associated risks; seekers, people who have experienced changes in personal circumstances that can prompt psychological triggers which make them more suggestible, for instance recently divorced people who may respond to online dating scams or unemployed people who may fall for a home-working fraud.
By Niall Byrne




