Representative Scams
Since 2006, The Real Hustle TV show
has recreated hundreds of scams during
which Paul, Alex, and Jess defrauded
unsuspecting victims before hidden
cameras. Here are five instructive ones.
In the lingo of this peculiar “trade,”
the victim of the scam is the mark, the
perpetrator is the operator, and any
accomplice pretending to be a regular
customer is a shill.
Monte. This classic scam involves
an operator manipulating three cards
(or disks or shells: there are many
variations), one of which wins, while the
other two lose. The operator shows the
player the cards, turns them over face
down, then moves them around on the
table in full view. Players must follow the
moves and put money on the card they
believe to be the winner. The operator
pays out an equal amount if the player
guessed correctly or otherwise pockets
the player’s money.
Technically, at the core of the scam
is a sleight-of-hand trick whereby the
operator undetectably switches two
cards. One might therefore imagine the
basic scam to consist of performing a few
“demo runs” where marks are allowed to
guess correctly, then have them bet with
real money and at that point send the
winning card elsewhere.
But this so-called “game” is really a
cleverly structured piece of street theater
designed to attract passersby and hook
them into the action. The sleight-of-hand
element is actually least important; it is
the way marks are manipulated, rather
than the props, that brings in the money.
It’s all about the crowd of onlookers and
players (all shills) betting in a frenzy and
irresistibly sucking marks into wanting a
piece of the action.
The Monte is an excellent example
that nothing is what it seems, even if the
marks think they know what to expect.
Many people claim to be able to beat the
game, purely because they understand
the mechanics of the secret move. But it’s
impossible to tell whether an experienced
operator has made the switch. More
important, even if the cards were marked
in some way, there is absolutely no way
for a legitimate player to secure a win;
should a mark consistently bet on the
correct position, then other players,
actually shills, would over-bet him,
“forcing” the operator to take the larger
bet. This frustrates the mark, who
often increases his bet to avoid being
topped. One shill will then pretend to
help the mark by bending a corner of
the winning card while the operator is
distracted, making the mark think he has
an unbeatable advantage. This is a very
strong play; marks have been seen to drop
thousands of dollars only to find the bent
card is actually a loser. While mixing the
cards, it is possible for a skilled operator
to switch the cards and switch the bend
from one card to another.
The idea that one can beat the game
at all reveals a key misunderstanding—
that, in fact, it is not a game in the first
place. Monte mobs never pay out to the
From right to left: Paul, with Alex as a shill, scams two
marks at the three-shells game (one of several variants
of the Monte).
From right to left: Paul and Alex haggle with the mark
over the reward in the Ring Reward Rip-off.
Alex, flashing a fake police badge, pretends to arrest
Jess in the Jewelry Shop Scam.
All images courtesy of Objective Productions.
ing strangers at a checkpoint or being
ordered to launch a nuclear missile)
in special “human protocols” meant
to enforce, even under time pressure, some of the step-by-step rational
checks the heuristic strategy would
otherwise omit.
The security architect must identify
the situations in which the humans in
the system may suddenly be put under time pressure by an attacker and
whether the resulting switch in decision strategy might open a vulnerability. This directive applies to anything
from retail situations to stock trading
and online auctions and from admitting visitors into buildings to handling
medical emergencies. Devising a human protocol to guide and pace the response of the potential victim toward
the desired goal may be an adequate
safeguard and also relieve the victim
from stressful responsibility.
Related Work
While a few narrative accounts of
scams and frauds are available, from
Maurer’s study of the criminal world [6]
that inspired the 1973 movie The Sting
to the autobiographical works of
notable fraudsters [1, 7], the literature
contains little about systematic studies of
fraudsters’ psychological techniques.
But we found two notable exceptions:
Cialdini’s outstanding book Influence:
Science and Practice [2], based on
undercover field research, revealed
how salespeople’s “weapons of influence”
are remarkably similar to those
of fraudsters; indeed, all of his
principles apply to our scenario and vice
versa. Meanwhile, Lea et al. [3] examined
postal scams, based on a wealth of
experimental data, including interviews
with victims and lexical analysis of
fraudulent letters. Even though our
approaches were quite different, our
findings are in substantial agreement.
The table here summarizes and
compares the principles identified in each
of these works.
Conclusion
We supported our thesis—that systems
involving people can be made secure
only if designers understand and
acknowledge the inherent vulnerabilities
of the “human factor”—with three
main contributions:
First is a vast body of original
research on scams, initially put together
by Wilson and Conran. It started as a TV
show, not as a controlled scientific
experiment, but our representative
write-up [9] still offers valuable firsthand data
not otherwise available in the literature;
Second, from these hundreds of
scams, we abstracted seven principles.
The particular principles are not that
important, and others have found