I have written before about the cyclical nature of fraud and, in particular online spam.
I thought I’d let you in on some of the reasoning behind how I review fraudulent e-mails and identify the trends they indicate.
For example, did you know that, in 2005 and 2006, a certain type of spam, which I’d seen before in similar circumstances, indicated the collapse of the US housing market that lead to the Global Financial Crisis. Because the economic indicators were contrary to the sociological indicators, the US Fed went with what it knew (economics) and ignored the warning signs (sociological).
The nature and timing of that spam is, sometimes, responsive to socio-economic conditions and sometimes predictive of those conditions. And sometimes it’s just that the world’s major spam-scammers really do just have a pick-list of scams they, and the call centres they set up to deal with responses, for the simple reason that those working in the call centres have to maintain their stories and while multiple identities isn’t especially difficult, to maintain multiple identities over multiple types of fraud is far from easy.
Whereas, before the internet, fraud tended to have five year cycles in the internet age that has reduced to less than two years and often only a few months, depending on the nature of the hook that the criminals use.
It is always helpful to work out whether a fraud is
a) a random fraud by a criminal who has bought a mailing list on the internet
b) part of a systemic fraud that is responding to, or predictive of, socio-economic conditions
c) the current fraud in a range of frauds put out in rotation.
I am not going to use the word “threat” in the sense that it is commonly used in relation to internet crime.
For my purposes, the word “threat” is an express use of words to convey that some harm will come to the recipient or someone/something he cares about.
Think about the origins of the term: someone shakes a fist in you face: that is a threat. There is a direct and clear communication of impending harm.
In relation to the harm that is not expressed but arises from the action, I will use the word “risk.”
Walking down a dark alley late at night is a risk; but it is not a threat.
In short, a threat is something you know about and expect; a risk is an adverse effect that you may or may not suspect but which is not made patent.
As the article progresses, the importance of the distinction will become clearer.
This article is not about the nature of the risk: it is about the nature of the e-mail that opens the door to that risk.
Some of those are threats but most are not; most are seductions of one form or another.
In this context, a seduction is a message that encourages the recipient to reduce their risk awareness and to perform an act that a fully aware person would, or might, not perform.