Organised crime syndicates use psychological mind games to trick PC users into handing over their personal information and money.
This is one of the findings from new research into cybercrime trends commissioned by McAfee in association with forensic psychologist, Professor Clive Hollin, based at University of Leicester in the UK.
The research also suggests that Internet fraudsters are exploiting our deepest psychological vulnerabilities in the latest e-mail scams.
Cybercriminals are employing ever more cunning techniques such as assuming trustworthy identities, engaging in friendly banter and targeting human emotions such as fear, insecurity and greed.
The study reveals how cybercriminals are increasingly combining stealth code with calculating mind games to manipulate our behaviour and persuade us to open attachments, click on a link or enter personal information so they can pickpocket our personal information and online bank accounts.
By understanding how we make sense of information and what human traits affect our reactions to information, cybercriminals are manipulating our actions online.
A prime example in the report shows how even common curiosity can prove our downfall and a scammer’s windfall. When an online ad promised to infect the computers of all those that clicked with a virus, 400 people still did exactly that.
The report highlights how cybercriminals work hard to reduce our scepticism and convince us that the e-mail is legitimate. They use a combination of psychological tricks like making out that the e-mail is from a friend or a trusted authority such as a credit card company.
To grab our attention and make the e-mail stand out, they will use headlines to appeal to our personal interests such as “shopping” or “dating”.
The report also shows how typical e-mail scams will contain essential elements that play on and exploit the human psychological vulnerabilities that drive us or influence us to do something – for example, “Click here for a reward” or “Click here to avoid something you don’t want to happen”.
The same cybercriminal practices were unearthed in US research commissioned by McAfee by Professor James Blascovich, PhD at University of California, Santa Barbara.
The study highlights that contrary to popular belief it is not simply the inexperienced Internet users that fall victim to online scams. In fact, the volume of online scams suggests cybercriminals are successful in ensnaring all sorts of PC users.
According to Professor Clive Hollin: “Given the right conditions in terms of the persuasiveness of the communication and the critical combination of situational and personal factors, most people may be vulnerable to misleading information. This point is true both for experienced and inexperienced computer users: while naivety may be a partial explanation, even sophisticated users can be deceived and become suggestible to misleading messages.”
The McAfee Mind Games report also suggests that Internet fraudsters research the psychological “hotspots” and triggers of potential victims – such as watching news headlines for emotional or worrisome world events or jumping on major sporting events in order to make the mind game more authentic.
Cybercriminals are capitalising on new social trends too. The MySpace and Facebook generation, with their frequent and informal use of e-mail and site updates, often fail to question the legitimacy of e-mails or links and users have become the unsuspecting victims of both phishing and ID theft scams.
Cyber scammers are even now thinking beyond purely online mind games. They are successfully starting to manipulate our vulnerabilities by approaching via less suspicious routes, such as mobile phones.
Chris van Niekerk, regional director: Africa at McAfee, says: “Perpetrators of crime learn from experience and become increasingly sophisticated: they learn what techniques are successful, who falls for what, what bypasses security, and so on. Like con men on the street devising new tricks, Internet fraudsters need a never-ending supply of ways to exploit victims online.
"Bypassing mental barriers rather than software security is an increasingly evident tactic of cybercriminals and one that will only continue become more prolific in the raft of online attacks.”