Communications - March 2011

number of attacks on the system go unreported because the victims won’t confess to their “evil” part in the process. When corporate users fall prey to a Trojan horse program purporting to offer, say, free access to porn, they have strong incentives not to cooperate with the forensic investigations of system administrators to avoid the associated stigma, even if the incident affected the security of the whole corporate network. Executives for whom righteousness is not as important as the security of their enterprise might consider reflecting such priorities in the corporate security policy, perhaps by guaranteeing discretion and immunity from “internal prosecution” for victims who cooperate with forensic investigations.

Kindness Principle

People are fundamentally nice and willing to help. Hustlers shamelessly take advantage of it.

This principle is, in some sense, the dual of the Dishonesty Principle, as perfectly demonstrated by the Good Samaritan scam. In it, marks are hustled primarily because they volunteer to help. It is loosely related to Cialdini’s Reciprocation Principle (people return favors) 2 but applies even in the absence of a “first move” from the hustler. A variety of scams that propagate through email or social networks involve tear-jerking personal stories or follow disaster news (tsunami, earthquake, hurricane), taking advantage of the generous but naïve recipients following their spontaneous kindness before suspecting anything. Many “social engineering” penetrations of computer systems7 also rely on victims’ innate helpfulness.

need and Greed Principle

Our needs and desires make us vulnerable. Once hustlers know what we want, they can easily manipulate us.

Loewenstein4 speaks of “visceral
factors such as the cravings associated
with drug addiction, drive states (such
as hunger, thirst, and sexual desire),
moods and emotions, and physical
pain.” We say “Need and Greed” to re-
fer to this spectrum of human needs
and desires—all the stuff we really
want, regardless of moral judgement.
In the 419 scam, what matters most is
not necessarily the mark’s greed but
his or her personal situation; if the
mark is on the verge of bankruptcy,
needs major surgery, or is otherwise
in dire straits, then questioning the
offer of a solution is very difficult. In
such cases the mark is not greedy, just
depressed and hopeful. If someone
prays every day for an answer, an email
message from a Nigerian Prince might
seem like the heaven-sent solution.

time Principle

When under time pressure to make an important choice, we use a different decision strategy, and hustlers steer us toward one involving less reasoning.

In the ring-reward rip-off, the mark is made to believe he must act quickly or lose the opportunity. When caught in such a trap, it’s very difficult for people to stop and assess the situation properly.

Unlike the theory of rational choice,
that is, that humans take their deci-
sion after seeking the optimal solution
based on all the available information,
Simon8 suggested that “organisms
adapt well enough to ‘satisfice’; they do
not, in general, ‘optimize’.”
They may “satisfice,” or reach a
“good-enough” solution, through sim-
plifying heuristics rather than the com-
plex, reasoned strategies needed for
finding the best solution, despite heu-
ristics occasionally failing, as studied
by Tversky and Kahneman. 10

Though hustlers may have never formally studied the psychology of decision making, they intuitively understand the shift. They know that, when forced to take a decision quickly, a mark will not think clearly, acting on impulse according to predictable patterns. So they make their marks an offer they can’t refuse, making it clear to them that it’s their only chance to accept it. This pattern is evident in the 419 scam and in phishing (“You’ll lose access to your bank account if you don’t confirm your credentials immediately”) but also in various email offers and limited-time discounts in the gray area between acceptable marketing techniques and outright swindle. As modern computerized marketing relies more and more on profiling individual consumers to figure out how to press their buttons, we might periodically have to revise our opinions about which sales methods, while not yet illegal, are ethically acceptable.

From a systems point of view, the Time Principle is particularly important, highlighting that, due to the human element, the system’s response to the same stimulus may be radically different depending on the urgency with which it is requested. In military contexts this is taken into account by wrapping dangerous situations that require rapid response (such as challeng-