Seven 'Weaknesses' Criminals Use Online to Exploit You

A good con is like a magic trick. Those best thought out (think of The Spanish Prisoner) stand the test of time, and can be recycled generation after generation.

What makes a con work? Human nature. By applying psychology, criminals achieve predictable results most of the time. High-tech giant Cisco's recently released annual security report contains a breakdown of "seven deadly weaknesses" that make us particularly susceptible to criminal persuasions (the Dilbert brigade at your office, when they give you the "employee risk management" speech, probably will refer to this give-and-take between con and mark as "social engineering"). Sadly, many impulses the bad guys play on are good ones -- and so, perhaps it's best to keep in mind that on the Internet, the virtuous are targets for victimhood.

Adapted (rather freely) from Cisco's list:

1. Sex appeal

In the espionage world they're called honeytraps -- attractive women (or men) who make a move on you in a social networking situation, usually proffering a picture. Nothing like an appeal to vanity, the devil's favorite sin (see below) -- and the approach has proven so effective even Thai hookers are doing it. Here's a visual example on Sophos' Naked Security blog.

2. Greed

Think how marketers abuse the word "free" on the Internet. When you see "free" online, read every grain of fine print you can find, lest you be signed up for the dreaded "free trial" you will forget to cancel (and with the fine print that says your credit card will continue to be charged in exponential increments until you self-amputate an arm and overnight it to some address in Delaware). What else can possibly explain the continuing success of Nigerian 4-1-9 scams and their multiplying offspring, other than the principle greed twists eternal in the human breast?

3. Vanity

"You have been chosen!" Or perhaps "You've won a free trial!" which contains a double whammy -- see above. Arguably, you could even throw in the old "supplies are limited, act now" hook, since there's a feeling of exclusive exhilaration when you, yes you, are able to get your commemorative "Ghost of Elvis Visits the 9/11 Memorial" plate ahead of all the other losers.

4. Trust

Not necessarily a bad thing, of course, but certainly a deciding factor in many electronic scams. Think of the recent (and recurring) UPS and DHL schemes, which in turn have their own permutations -- one a variant of the Nigerian 4-1-9 con, another playing on the trusted brand names, and that's just two of many. Also the main psychological engine at work behind scareware.

5. Sloth

Cisco gives as its example the lazy consumer who simply clicks on a link sent in an email that may or may not be from his bank, rather than actually call or take some other measure to verify. Let's make it a bit more general and say, anyone who fails to do homework on any kind of Internet transaction is lazy. For heaven's sake, just use a search engine and type in a salient word in question followed by the terms "scam" or "rip-off" and see if anything interesting comes up. If you don't do that, you're a sloth.

6. Compassion

Criminals play on the emotions and good qualities some people have to con them out of money, personal information, even just a verifiable email address. Con artists tried to fleece consumers a year ago with phony charity appeals following the earthquake in Haiti. Schemers send emails with bogus hotel or restaurant reservations, hoping the recipient will write back to try to correct the mistake -- and unwittingly surrender a verified email address, which the spammer can then sell at a higher value than a random one. And then there's the phony friend stranded in some foreign country, writing to you for help. That one started out in email and moved to social networks.

7. Urgency

Beware the hard -- and fast -- sell. That's why states such as Massachusetts have "cooling off" protections that mandate a certain amount of time, often 72 hours, in which a purchase can be canceled -- but that's only if there's a cancellation provision in the contract. There's nothing within reason you need to buy right this minute -- especially a time-share or a gym membership -- that you can't buy tomorrow after sleeping on it. And if you can't buy it tomorrow, you probably don't need it.

Read Cisco's original here in its annual security report.

Beau Brendler is chairman of the North American Internet users' advisory committee to ICANN, and for eight years was executive producer of the WebWatch project at Consumers Union. He also vblogs for Internet Evolution and writes for its Thinkernet.
