The current wave of email scams using Hotmail, Gmail and Yahoo! mail is down to two simple psychological factors. And one of these is so common, you are bound to “suffer” from it as well. And thanks to that, many people are innocently helping the scammers do their worst.
You can’t have missed the coverage of the phishing attacks which started on Monday and have escalated day by day this week. At the start of the week, Microsoft thought it had put the lid on the attack which helped cybercriminals harvest 10,000 email addresses and passwords. But then Gmail was compromised and security experts were warning that we were facing a significant problem.
At first sight, it might seem that the fraudsters are out to get our passwords so they can hack into our other accounts and even move money around. Indeed, reports this week show that online banking fraud has risen by over 50% in the past year, in spite of credit card scams falling. It might make us think that the criminal fraternity are after our passwords so they can get into our bank accounts.
That might be a motivation for some. However, for many cybercriminals the motivation to do what they are doing is nothing more than the reasoning a mountaineer might have for climbing Everest – because it is there. Many hackers have no real criminal intent. Rather they are turned on by the challenge. They simply want to achieve by breaking into fortress Microsoft, for instance, and then come away with their spoils of thousands of passwords. And by telling the world they have done this, they gain recognition for their “achievement”. The current wave of phishing attacks doubtless has achievement motivation as a principal cause.
But the fraudsters could not achieve their success without help – and that’s where you come in. Almost half of the world’s Internet users have the same password for every account they use. That means a cybercriminal only needs to access one account and they have the key to them all. Not only that, many people – estimated to be one in every three computers – don’t have Internet security software. That’s rather like leaving the front door open and putting a sign up for passing burglars – “please come in”.
So why don’t people take enough care over their online security? That’s the other psychological factor – the “it won’t happen to me” syndrome. Few people think they will get cancer or have heart disease; it always happens to other people. Yet those two conditions will kill almost all of us. They will happen to you. Yet, we block out such negative concepts because we find it difficult to cope. The result is that anything negative which can potentially cause us problems is something we tend to set to one side – it won’t happen to us, but it’s the “others” who need to take care…!
Online, the result is lax security and that provides a massive opportunity for the achievement-motivated cybercriminal. All they have to do is breach the paper-thin walls of security that surround many computers and hey presto, they are in. Even though it is comparatively easy, it gives them a buzz.
If we all began to think that it “will happen to me” and took online security more seriously, the achievement-motivated cybercriminal would not be able to succeed so easily. The result would be they would need to find another outlet for their need to succeed. Perhaps they might end up bungee jumping or even climbing Everest. But once we make it too difficult for them, they head off to achieve success in simpler ways.
Rather than thinking of ways to punish these individuals, we’d be better off finding ways of changing our attitudes so that we take online security more seriously. After all, how often do you change your passwords? How many different passwords do you use? Have you used your mother’s real maiden name? If you took things seriously you would use a range of passwords, you would change them frequently and you would use security questions and answers that no-one would be able to find out easily. If you are doing all of that, fine, well done. If not then you are one of the millions and millions of people who are giving the phishing attackers the opportunity they are looking for.
Graham Jones is an Internet Psychologist who studies the way people use the online world, in particular how people engage with businesses. He uses this knowledge to help companies improve their online connections to their customers and potential customers and offers consultancy, workshops, masterclasses and webinars. He also speaks regularly at conferences and business events. Graham is an award-winning writer and the author of 32 books, several of which are about various aspects of the Internet.