McAfee has announced the results of a groundbreaking study that details the psychological games and other tactics cyber criminals use in social engineering scams propagated through junk email.
In the study titled "Mind Games", the primary author, Dr James Blascovich, Professor of Psychology at the University of California, Santa Barbara, offers analyses of multiple common scam emails and provides surprising insights into how cyber criminals use fear, greed and lust to methodically steal personal and proprietary financial information.
The same psychological practices used by cyber criminals were also investigated in a European report, commissioned by McAfee in association with leading forensic psychologist, Professor Clive Hollin, based at University of Leicester in the United Kingdom.
"Scam spam works best by providing recipients with a sense of familiarity and legitimacy, either by creating the illusion that the email is from a friend or colleague, or providing plausible warnings from a respected institution," Dr Blascovich noted. "Once the victim opens the email, criminals use two basic motivational processes, approach and avoidance, or a combination of the two, to persuade victims to click on dangerous links, provide personal information, or download risky files. By scamming $20 from just half of one per cent of the US population, cyber criminals can earn $15 million each day and nearly $5.5 billion in a year, a powerful attraction for skillful scam artists."
An important key to the crooks' success is familiarity. One example is phishing scams which fraudulently acquire sensitive information, such as usernames, passwords, and financial data, by masquerading as a familiar or nationally recognized bank, credit card company or even an online auction site.
Recently, McAfee AvertR Labs found that the number of phishing Web sites increased by 784 percent in the first half of 2007.
Popular sites are also increasingly victimized. In December of 2006, cyber criminals targeted MySpace and used a worm to convert legitimate links to those that lured consumers to a phishing site designed specifically to obtain personal information.
"Along with the alarming increase in phishing emails, we are also seeing more sophisticated messages that can fool all but the most highly trained surfer," said David Marcus, security research and communications manager, McAfee Avert Labs. "While earlier phishing emails often included typos, awkward language and minor graphical mistakes, newer scams appear to be more legitimate, with slicker graphics and copy that closely mirrors the language used by respected institutions."
Source: http://infotech.indiatimes.com/Cyber_criminals_rely_on_mind_games_/articleshow/2174903.cms
In the study titled "Mind Games", the primary author, Dr James Blascovich, Professor of Psychology at the University of California, Santa Barbara, offers analyses of multiple common scam emails and provides surprising insights into how cyber criminals use fear, greed and lust to methodically steal personal and proprietary financial information.
The same psychological practices used by cyber criminals were also investigated in a European report, commissioned by McAfee in association with leading forensic psychologist, Professor Clive Hollin, based at University of Leicester in the United Kingdom.
"Scam spam works best by providing recipients with a sense of familiarity and legitimacy, either by creating the illusion that the email is from a friend or colleague, or providing plausible warnings from a respected institution," Dr Blascovich noted. "Once the victim opens the email, criminals use two basic motivational processes, approach and avoidance, or a combination of the two, to persuade victims to click on dangerous links, provide personal information, or download risky files. By scamming $20 from just half of one per cent of the US population, cyber criminals can earn $15 million each day and nearly $5.5 billion in a year, a powerful attraction for skillful scam artists."
An important key to the crooks' success is familiarity. One example is phishing scams which fraudulently acquire sensitive information, such as usernames, passwords, and financial data, by masquerading as a familiar or nationally recognized bank, credit card company or even an online auction site.
Recently, McAfee AvertR Labs found that the number of phishing Web sites increased by 784 percent in the first half of 2007.
Popular sites are also increasingly victimized. In December of 2006, cyber criminals targeted MySpace and used a worm to convert legitimate links to those that lured consumers to a phishing site designed specifically to obtain personal information.
"Along with the alarming increase in phishing emails, we are also seeing more sophisticated messages that can fool all but the most highly trained surfer," said David Marcus, security research and communications manager, McAfee Avert Labs. "While earlier phishing emails often included typos, awkward language and minor graphical mistakes, newer scams appear to be more legitimate, with slicker graphics and copy that closely mirrors the language used by respected institutions."
Source: http://infotech.indiatimes.com/Cyber_criminals_rely_on_mind_games_/articleshow/2174903.cms