 |
|
|
|
Web Based Solutions >>
Fraud Detection Suite
Cyber Criminals Rely On Mind Games To Scam Internet Users
McAfee Study Offers Insight into Psychological Tactics Used in Online Scams
SANTA CLARA, Calif., June 25 /PRNewswire-FirstCall/ -- McAfee, Inc. (NYSE:
MFE) today announced the results of a groundbreaking study that details the
psychological games and other tactics cyber criminals use in social
engineering scams propagated through junk email. In the study titled "Mind
Games," the primary author, Dr. James Blascovich, Professor of Psychology at
the University of California, Santa Barbara, offers analyses of multiple
common scam emails and provides surprising insights into how cyber criminals
use fear, greed and lust to methodically steal personal and proprietary
financial information.
The same psychological practices used by cyber criminals were also
investigated in a European report, commissioned by McAfee(R) in association
with leading forensic psychologist, Professor Clive Hollin, based at
University of Leicester in the United Kingdom.
"Scam spam works best by providing recipients with a sense of
familiarity and legitimacy, either by creating the illusion that the email is
from a friend or colleague, or providing plausible warnings from a respected
institution," Dr. Blascovich noted. "Once the victim opens the email,
criminals use two basic motivational processes, approach and avoidance, or a
combination of the two, to persuade victims to click on dangerous links,
provide personal information, or download risky files. By scamming $20 from
just half of one percent of the U.S. population, cyber criminals can earn $15
million each day and nearly $5.5 billion in a year, a powerful attraction for
skillful scam artists."
An important key to the crooks' success is familiarity. One example is
phishing scams which fraudulently acquire sensitive information, such as
usernames, passwords, and financial data, by masquerading as a familiar or
nationally recognized bank, credit card company or even an online auction
site. Recently, McAfee Avert(R) Labs found that the number of phishing Web
sites increased by 784 percent in the first half of 2007.
Popular sites are also increasingly victimized. In December of 2006,
cyber criminals targeted MySpace and used a worm to convert legitimate links
to those that lured consumers to a phishing site designed specifically to
obtain personal information.
"Along with the alarming increase in phishing emails, we are also seeing
more sophisticated messages that can fool all but the most highly trained
surfer," said David Marcus, security research and communications manager,
McAfee Avert Labs. "While earlier phishing emails often included typos,
awkward language and minor graphical mistakes, newer scams appear to be more
legitimate, with slicker graphics and copy that closely mirrors the language
used by respected institutions."
In addition to tactics that build on familiarity to create the illusion
of legitimacy, phishing scams also target consumers with fear tactics, such as
through subject lines like "Urgent Security Notification" and "Your billing
account records are out of date." Other lures, such as "Must Complete and
Submit" or "You Are Missing Out," are less blatant but similarly trick users
into thinking that without a specific action on their part, they're going to
lose out.
Dr. Blascovich also reports on a category of scam emails that target
consumers who are promotion focused (want to "get ahead") and/or capitalize on
consumers' greed. These messages have such subject lines as "You Won" to
entice consumers into thinking they may have won a lottery or sweepstakes,
"90% discounts" to trick consumers into thinking they are getting great
promotional pricing, or "You Are Approved" to target consumers who need a loan
or have money woes.
Yet another popular lure involves messages that play on feelings of love
and loss. A subject like "Why spend another week lonely?" works by preying on
the sensitivities of those feeling vulnerable. And finally, there's the voice-
of-authority approach: "Attention! Several Credit Card databases have been
LOST" and others like it are designed to make consumers feel a sense of
urgency and obligation.
Additional in-depth information on top phishing scams and security
threats is available at the McAfee Threat Center at
http://www.mcafee.com/us/threat_center/default.asp.
The "Mind Games," report is available online at
http://www.mcafee.com/us/threat_center/white_paper.html.
Notes to Editors:
Research Methodology: McAfee's Avert Labs team identified real examples
of common phishing scams to be analyzed by Dr. James Blascovich for the Mind
Games study. The samples gathered by McAfee were categorized to reflect the
tone of the message (e.g., "Voice of Authority"), or the content of the
message (e.g. "Competition Winners"), or the type of emotional manipulation
(e.g. "Playing on Embarrassment). This categorization of material from real
sites provided the material for analysis by Dr. Blascovich.
About McAfee, Inc. McAfee, Inc. is the leading dedicated security
technology company. Headquartered in Santa Clara, California, McAfee delivers
proactive and proven solutions and services that secure systems and networks
around the world. With its unmatched security expertise and commitment to
innovation, McAfee empowers home users, businesses, the public sector, and
service providers with the ability to block attacks, prevent disruptions, and
continuously track and improve their security. http://www.mcafee.com.
NOTE: McAfee and Avert are trademarks or registered trademarks of
McAfee, Inc. and/or its affiliates in the U.S. and/or other countries. McAfee
Red in connection with security is distinctive of McAfee brand products. All
other registered and unregistered trademarks herein are the sole property of
their respective owners. (C) 2007 McAfee, Inc. All rights reserved.
|