Security – The Psychology of Being Scammed

One of the requirements of good security is that security concepts must be designed in from the beginning of a project, must be inclusive of the entire system, and must be of the quality required for the task. If anyone speaks ill of DCinema security, which did design in security from the beginning and for the entire system, it is only to say that it goes too far.

That being the case, the feared weak link is “social engineering”, which could also be called the Art of the Con. To that, this article from the Schneier Security blog is concise and to the point. Every facility manager, and especially every projectionist, needs to learn these rules. The cinema facility will be the point of social engineering attacks.

At some point, the people who are making billions from piracy will start dedicating themselves to getting time on working dcinema systems, to try to figure out a way to get pristine copies of movies. And someone, somewhere, will be expected or asked to look the other way. That could be you. So learn these cons, and figure out in advance how you will handle the situation before it happens; these will be federal crimes, so the big dogs will come after you whether you were directly involved or not. So work it out: how do you report a con being worked on you? How do you report a con being worked on a co-worker? On your boss?

Here is the article:

This is a very interesting paper: Understanding scam victims: seven principles for systems security, by Frank Stajano and Paul Wilson. Paul Wilson produces and stars in the British television show The Real Hustle, which does hidden camera demonstrations of con games. (There’s no DVD of the show available, but there are bits of it on YouTube.) Frank Stajano is at the Computer Laboratory of the University of Cambridge.

The paper describes a dozen different con scenarios — entertaining in itself — and then lists and explains six general psychological principles that con artists use:

1. The distraction principle. While you are distracted by what retains your interest, hustlers can do anything to you and you won’t notice.

2. The social compliance principle. Society trains people not to question authority. Hustlers exploit this “suspension of suspiciousness” to make you do what they want.

3. The herd principle. Even suspicious marks will let their guard down when everyone next to them appears to share the same risks. Safety in numbers? Not if they’re all conspiring against you.

4. The dishonesty principle. Anything illegal you do will be used against you by the fraudster, making it harder for you to seek help once you realize you’ve been had.

5. The deception principle. Things and people are not what they seem. Hustlers know how to manipulate you to make you believe that they are.

6. The need and greed principle. Your needs and desires make you vulnerable. Once hustlers know what you really want, they can easily manipulate you.

[The post and its comments are at:
Schneier on Security: The Psychology of Being Scammed  – November 30, 2009]

It all makes for very good reading.

Two previous posts on the psychology of conning and being conned.
