SDA India is an online resource for Software, Development,IT, Architecture, Open Source, Mobile, Security, Databases, Delphi, C, OS, Asp, .Net, Php, Xml, Java
Analyst Corner
Cyber Criminals Turn to Psychology
Cyber criminals use mindgames to lure Internet users to part with their data and financial information. A recently released study by a global security firm details the psychological games and other tactics cyber criminals use in social engineering scams propagated through junk email. In the study titled "Mind Games," author, Dr. James Blascovich, Professor of Psychology at the University of California, Santa Barbara, offers analyses of multiple common scam emails and provides surprising insights into how cyber criminals use fear, greed and lust to methodically steal personal and proprietary financial information. The same psychological practices used by cyber criminals were also investigated in a European report, commissioned by McAfee in association with leading forensic psychologist, Professor Clive Hollin, based at University of Leicester in the United Kingdom.
"Scam spam works best by providing recipients with a sense of familiarity and legitimacy, either by creating the illusion that the email is from a friend or colleague, or providing plausible warnings from a respected institution," Dr. Blascovich noted. "Once the victim opens the email, criminals use two basic motivational processes, approach and avoidance, or a combination of the two, to persuade victims to click on dangerous links, provide personal information, or download risky files. By scamming USD 20 from just half of one percent of the US population, cyber criminals can earn USD 15 million each day and nearly USD 5.5 billion in a year, a powerful attraction for skillful scam artists."
An important key to the crooks' success is familiarity. One example is phishing scams that fraudulently acquire sensitive information, such as usernames, passwords, and financial data, by masquerading as a familiar or nationally recognized bank, credit card company or even an online auction site. Recently, McAfee Avert Labs found that the number of phishing Web sites increased by 784 per cent in the first half of 2007.
Popular sites are also increasingly victimised. In December of 2006, cyber criminals targeted MySpace and used a worm to convert legitimate links to those that lured consumers to a phishing site designed specifically to obtain personal information.
"Along with the alarming increase in phishing emails, we are also seeing more sophisticated messages that can fool all but the most highly trained surfer," said David Marcus, security research and communications manager, McAfee Avert Labs. "While earlier phishing emails often included typos, awkward language and minor graphical mistakes, newer scams appear to be more legitimate, with slicker graphics and copy that closely mirrors the language used by respected institutions."
In addition to tactics that build on familiarity to create the illusion of legitimacy, phishing scams also target consumers with fear tactics, such as through subject lines like "Urgent Security Notification" and "Your billing account records are out of date." Other lures, such as "Must Complete and Submit" or "You Are Missing Out," are less blatant but similarly trick users into thinking that without a specific action on their part, they're going to lose out.
Dr. Blascovich also reports on a category of scam emails that target consumers who are promotion focused (want to "get ahead") and/or capitalise on consumers' greed. These messages have such subject lines as "You Won" to entice consumers into thinking they may have won a lottery or sweepstakes, "90% discounts" to trick consumers into thinking they are getting great promotional pricing, or "You Are Approved" to target consumers who need a loan or have money woes.
Yet another popular lure involves messages that play on feelings of love and loss. A subject like "Why spend another week lonely?" works by preying on the sensitivities of those feeling vulnerable. And finally, there's the voice- of-authority approach: "Attention! Several Credit Card databases have been LOST" and others like it are designed to make consumers feel a sense of urgency and obligation. This study was done by McAfee recently.
"Scam spam works best by providing recipients with a sense of familiarity and legitimacy, either by creating the illusion that the email is from a friend or colleague, or providing plausible warnings from a respected institution," Dr. Blascovich noted. "Once the victim opens the email, criminals use two basic motivational processes, approach and avoidance, or a combination of the two, to persuade victims to click on dangerous links, provide personal information, or download risky files. By scamming USD 20 from just half of one percent of the US population, cyber criminals can earn USD 15 million each day and nearly USD 5.5 billion in a year, a powerful attraction for skillful scam artists."
An important key to the crooks' success is familiarity. One example is phishing scams that fraudulently acquire sensitive information, such as usernames, passwords, and financial data, by masquerading as a familiar or nationally recognized bank, credit card company or even an online auction site. Recently, McAfee Avert Labs found that the number of phishing Web sites increased by 784 per cent in the first half of 2007.
Popular sites are also increasingly victimised. In December of 2006, cyber criminals targeted MySpace and used a worm to convert legitimate links to those that lured consumers to a phishing site designed specifically to obtain personal information.
"Along with the alarming increase in phishing emails, we are also seeing more sophisticated messages that can fool all but the most highly trained surfer," said David Marcus, security research and communications manager, McAfee Avert Labs. "While earlier phishing emails often included typos, awkward language and minor graphical mistakes, newer scams appear to be more legitimate, with slicker graphics and copy that closely mirrors the language used by respected institutions."
In addition to tactics that build on familiarity to create the illusion of legitimacy, phishing scams also target consumers with fear tactics, such as through subject lines like "Urgent Security Notification" and "Your billing account records are out of date." Other lures, such as "Must Complete and Submit" or "You Are Missing Out," are less blatant but similarly trick users into thinking that without a specific action on their part, they're going to lose out.
Dr. Blascovich also reports on a category of scam emails that target consumers who are promotion focused (want to "get ahead") and/or capitalise on consumers' greed. These messages have such subject lines as "You Won" to entice consumers into thinking they may have won a lottery or sweepstakes, "90% discounts" to trick consumers into thinking they are getting great promotional pricing, or "You Are Approved" to target consumers who need a loan or have money woes.
Yet another popular lure involves messages that play on feelings of love and loss. A subject like "Why spend another week lonely?" works by preying on the sensitivities of those feeling vulnerable. And finally, there's the voice- of-authority approach: "Attention! Several Credit Card databases have been LOST" and others like it are designed to make consumers feel a sense of urgency and obligation. This study was done by McAfee recently.
Related Links
None
