Psychologie de l'Escroquerie

[Stéphane BERTHO]

(résumé: les gens experts en arnaques peuvent se faire avoir comme les autres)

R. Paul Wilson, The Art of The Con :

Citation

I always tell my clients “if you think you can’t be conned, you’re just the person I want to meet!” As any good magician will tell you, it’s often easier to fool someone who thinks he can’t be fooled. Con artists prefer an easy mark, but a self-proclaimed expert or puffed up know-it-all might be just as ripe in the proper circumstances.
Confidence is what a con man tries to give his mark, and any sucker who already has a rich supply could prove easier to take down. Once a self-assured victim is on the hook, he might never admit to being conned (to himself or others), which in itself makes them an attractive mark.
The simplest and most effective step anyone can take toward self-defense against deception is to fully accept that he could one day be deceived. It can happen to anyone and whoever you are, I guarantee that smarter people than you have been stung by the simplest of scams.

Cory Doctorow sur une mésaventure qu'il a subie (il a permis à un escroc de connaître la totalité de son numéro de carte bancaire):

Citation

I was tricked by a phone-phisher pretending to be from my bank, and he convinced me to hand over my credit-card number, then did $8,000+ worth of fraud with it before I figured out what happened

Citation

I'd given him my entire card number.

Goddammit.

The thing is, I know a lot about fraud. I'm writing an entire series of novels about this kind of scam:

https://us.macmillan.com/books/9781250865878/thebezzle

And most summers, I go to Defcon, and I always go to the "social engineering" competitions

Un professeur de psychologie se veut rassurant:

Citation

Scientifiquement parlant, certaines personnes sont-elles plus enclines que d’autres à sombrer dans les dérives sectaires ?

Oui totalement. On entend souvent de la part de personnes travaillant dans la prévention des dérives sectaires dire que tout le monde peut être victime d’emprise. Je le conteste totalement. Moi, je vous le dis, je ne serais jamais sous emprise. En revanche, avec des tests, je peux vous dire si une personne est vulnérable. Nous n’avons pas tous la même personnalité et donc la même vulnérabilité à tomber un jour dans une secte. Au-delà de gens vulnérables, il y a d’ailleurs surtout des situations de vulnérabilité : des situations de stress, de perte de contrôle, de non-sens… Tout cela est susceptible d’accroître la possibilité de tomber sous emprise.

[Stéphane BERTHO]

https://theconversation.com/arnaque-au-faux-brad-pitt-ce-que-les-brouteurs-ont-appris-du-marketing-249534

Citation

Arnaque au faux Brad Pitt : ce que les brouteurs ont appris du marketing

Publié: 13 février 2025, 14:33 CET

 Erwan Boutigny, Université Le Havre Normandie, Sophie Renault, IAE Orléans

Pensant entretenir une relation avec Brad Pitt, une Française correspondait en réalité avec des brouteurs (cyberescrocs). Ces derniers appliquent les mêmes techniques que celles du marketing : flatter l’ego et créer un sentiment d’exclusivité. Alors, où se situe la frontière entre influence légitime et manipulation ?

 

Modifié 14 février par Stéphane BERTHO

[Stéphane BERTHO]

https://www.schneier.com/blog/archives/2025/05/why-take9-wont-improve-cybersecurity.html

Citation

Even if we do this all well and correctly, we can’t make people immune to social engineering. Recently, both cyberspace activist Cory Doctorow and security researcher Troy Hunt—two people who you’d expect to be excellent scam detectors—got phished. In both cases, it was just the right message at just the right time.

Citation

Take9’s website says, “Science says: In stressful situations, wait 10 seconds before responding.” The problem with that is that clicking on a link is not a stressful situation. It’s normal, one that happens hundreds of times a day. Maybe you can train a person to count to 10 before punching someone in a bar but not before opening an attachment.

Renvoie à https://doctorow.medium.com/how-i-got-scammed-0ae9bd453490 et https://doctorow.medium.com/https-pluralistic-net-2025-04-05-troy-hunt-teach-a-man-to-phish-c2ab7956c026 :

Citation

I’ve been successfully scammed six times in my life. Each time, the scam relied on the confluence of several factors that yielded a fleeting moment of vulnerability that some scammer was able to exploit by being in the right place at the right time. I had to be lucky always, they only had to be lucky once.

Citation

Troy Hunt is the proprietor of HaveIBeenPwned.com, the internet’s most comprehensive and reliable breach notification site. Hunt pretty much invented the practice of tracking breaches, and he is steeped — saturated — in up-to-the-minute, nitty-gritty details of how internet scams work.

Guess who got phished?

https://www.troyhunt.com/a-sneaky-phish-just-grabbed-my-mailchimp-mailing-list/