Wednesday, August 10, 2011

The problem of spotting scams

Ed Bott writes an interesting article on the subject of Why do people fall for trojans? As he explains, one of the problems is that the steps that one must go through to make even a legitimate purchase can often resemble the experience of a scam, including false alarms such as Windows warning us that our legitimately purchased item "might harm your computer".

This is also one reason why I think schemes such as the "verified by Visa" scheme for credit card purchases, in addition to being senselessly irritating, are actually a bad security measure because they imitate during a legitimate procedure precisely a process that an attacked might exploit or which might be the warning sign of an attack. Or in other words, in both this case and the scarey dialogs that can appear in Windows while you are downloading and installing a legitimate program, we are actually risking that what should be warning signs actually become ignored due to being "dulled by familiarity".

No comments: