Understanding Scam Victims: Seven Principles for Systems Security

Frank Stajano

Understanding Scam Victims: Seven Principles for Systems Security

The success of many attacks on computer systems can be traced back to the security engineers not understanding the psychology of the system users they meant to protect. Paul Wilson and I examined a variety of scams and short cons that were investigated, documented, and recreated for the BBC TV programme The Real Hustle and we extracted from them some general principles about the recurring behavioral patterns of victims that hustlers have learnt to exploit. We argue that an understanding of these inherent human vulnerabilities, and the necessity of taking them into account during design rather than naively shifting the blame onto the gullible users, is a fundamental paradigm shift for the security engineer which, if adopted, will lead to stronger and more resilient systems security.

Frank Stajano, Senior Lecturer at the University of Cambridge, UK

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

BibTeX

@conference {227952,
author = {Frank Stajano},
title = {Understanding Scam Victims: Seven Principles for Systems Security},
year = {2010},
address = {Washington, DC},
publisher = {USENIX Association},
month = aug
}

Download

Presentation Audio

Download Audio

USENIX Conference Policies

Understanding Scam Victims: Seven Principles for Systems Security

Frank Stajano, Senior Lecturer at the University of Cambridge, UK

Open Access Media

Presentation Audio