number of attacks on the system go
unreported because the victims won’t
confess to their “evil” part in the process. When corporate users fall prey
to a Trojan horse program purporting
to offer, say, free access to porn, they
have strong incentives not to cooperate with the forensic investigations of
system administrators to avoid the associated stigma, even if the incident
affected the security of the whole corporate network. Executives for whom
righteousness is not as important as
the security of their enterprise might
consider reflecting such priorities in
the corporate security policy, perhaps
by guaranteeing discretion and immunity from “internal prosecution” for
victims who cooperate with forensic
investigations.
Kindness Principle
People are fundamentally nice and willing to help. Hustlers shamelessly take advantage of it.
This principle is, in some sense, the
dual of the Dishonesty Principle, as
perfectly demonstrated by the Good Samaritan scam. In it, marks are hustled
primarily because they volunteer to
help. It is loosely related to Cialdini’s
Reciprocation Principle (people return
favors)2 but applies even in the absence
of a “first move” from the hustler. A variety of scams that propagate through
email or social networks involve tear-jerking personal stories or follow disaster news (tsunami, earthquake, hurricane), taking advantage of the generous
but naïve recipients following their
spontaneous kindness before suspecting anything. Many “social engineering” penetrations of computer systems7
also rely on victims’ innate helpfulness.
Need and Greed Principle
Our needs and desires make us vulnerable. Once hustlers know what we want,
they can easily manipulate us.
Loewenstein4 speaks of “visceral
factors such as the cravings associated
with drug addiction, drive states (such
as hunger, thirst, and sexual desire),
moods and emotions, and physical
pain.” We say “Need and Greed” to refer
to this spectrum of human needs
and desires—all the stuff we really
want, regardless of moral judgement.
In the 419 scam, what matters most is
not necessarily the mark’s greed but
his or her personal situation; if the
mark is on the verge of bankruptcy,
needs major surgery, or is otherwise
in dire straits, then questioning the
offer of a solution is very difficult. In
such cases the mark is not greedy, just
depressed and hopeful. If someone
prays every day for an answer, an email
message from a Nigerian Prince might
seem like the heaven-sent solution.
Time Principle
When under time pressure to make an
important choice, we use a different decision strategy, and hustlers steer us toward one involving less reasoning.
In the ring-reward rip-off, the mark
is made to believe he must act quickly
or lose the opportunity. When caught
in such a trap, it’s very difficult for
people to stop and assess the situation
properly.
In contrast to the theory of rational choice,
which holds that humans make their decisions
after seeking the optimal solution
based on all the available information,
Simon8 suggested that “organisms
adapt well enough to ‘satisfice’; they do
not, in general, ‘optimize’.”
They may “satisfice,” or reach a
“good-enough” solution, through simplifying
heuristics rather than the complex,
reasoned strategies needed for
finding the best solution, despite heuristics
occasionally failing, as studied
by Tversky and Kahneman.10
Though hustlers may have never
formally studied the psychology of decision making, they intuitively understand the shift. They know that, when
forced to take a decision quickly, a
mark will not think clearly, acting on
impulse according to predictable patterns. So they make their marks an offer they can’t refuse, making it clear
to them that it’s their only chance to
accept it. This pattern is evident in
the 419 scam and in phishing (“You’ll
lose access to your bank account if you
don’t confirm your credentials immediately”) but also in various email offers and limited-time discounts in the
gray area between acceptable marketing techniques and outright swindle.
As modern computerized marketing
relies more and more on profiling individual consumers to figure out how to
press their buttons, we might periodically have to revise our opinions about
which sales methods, while not yet illegal, are ethically acceptable.
From a systems point of view, the
Time Principle is particularly important, highlighting that, due to the human element, the system’s response
to the same stimulus may be radically
different depending on the urgency
with which it is requested. In military
contexts this is taken into account by
wrapping dangerous situations that require rapid response (such as challeng-