Computerworld

'Scam-spammers' mess with our minds

Researchers say spammers and scammers use mind games to fool skeptical computer users

Spammers and scammers know how to work the mind games that make even the most sophisticated and skeptical computer users fall for their tricks, a researcher said in a just-released report.

In an analysis of common e-mail scams, Dr. James Blascovich, a psychology professor at the University of California, Santa Barbara (UCSB), said that for all the software and "mental" filtering users apply, spam works, and always will.

"Some proportion of users are gullible, naive, irrational -- the list of synonyms can go on and on," said Blascovich. Gullibility, which he ties to naivete -- sometimes about technology, sometimes about how legitimate organizations conduct business -- is a major factor in the success of "scam-spam." Even if just one-half of 1 percent of all e-mail users are gullible and can be separated from US$20, that's a potential economy of US$5.5 billion in the U.S. alone, claimed Blascovich.

But even the cynical can be fooled into opening questionable e-mail, Blascovich said, as he ticked off the motivational trickery that scam-spammers use. "Scam-spam works best by providing recipients with a sense of familiarity and legitimacy, either by creating the illusion that the e-mail is from a friend or colleague, or providing plausible warnings from a respected institution," he said.

Veteran e-mail inbox wranglers will recognize both tactics, whether the message poses as a missive from a long-lost friend -- or in the case of malware that spreads by hijacking victims' address books, from someone you e-mail daily -- or looks like it originated with the recipient's own bank.

"Perceived legitimacy attracts attention and the odds of one opening the e-mail can increase dramatically," said Blascovich.

But trading on familiarity and legitimacy is only the first step. "Once the victim opens the e-mail, criminals use two basic motivational processes, approach and avoidance, or a combination of the two, to persuade victims to click on dangerous links, provide personal information or download risky files," Blascovich said.

Generally, people are motivated to approach positive goals -- winning the lottery, say -- or to avoid unpleasant realities, such as losing a credit card. Scam-spammers play on both. Some people, said Blascovich, are more predisposed to the "approach" scenarios, while others lean toward "avoidance" situations.

The former are known as "promotion-focused" people, he said, and can be lumped together as individuals who want to get ahead. They're also the most likely to fall for scam-spam that touts get-rich-quick schemes or capitalizes on greed, such as the venerable Nigerian 419-type spam that offers to split millions for a small up-front cash fee.

Although Blascovich offered little practical advice for deflecting scam-spam -- he suggested that "almost anyone" is gullible at times -- he paraphrased an old adage: "In order to overcome their approach and avoidance tendencies, consumers must realize that if a message is either too good or too bad to be true, it probably is."