Friday, 11 November 2011

Bad habits

There’s a hilarious joke that all psychology students are told in their first lecture. What’s the difference between a psychologist and a magician? One pulls rabbits from a hat, the other pulls habits from a rat. See, I said it was hilarious. In fact psychology is full of jokes. Just think of anything ever said, written, thought or published by Freud or Jung. Hilarious, pseudoscientific, implausible and non-falsifiable nonsense.

But habits are one of the things psychologists think about a lot. During my own, mercifully brief time in a Psychological Medicine Department one of our key tasks was to teach people ways of overcoming the psychologically dangerous habits they’d developed. Habits like anxiety attacks, phobic reactions to certain situations or generally just being pathetic.

Not all habits are psychologically damaging though. Some are just traditions or patterns of behaviour that we can’t imagine being different. I can’t imagine choosing to buy a computer that isn’t an Apple or flying with an airline other than Virgin Atlantic (when I have the choice). It might be the same with your choice of bank, shoe shop or restaurant.

Sometimes habits can be more dangerous than just being a bit conservative and avoiding new experiences. Sometimes they can pose a serious risk. Being overly trusting can be a habit. It can be such a habit that it’s impossible to distinguish it from gullibility.

It’s often easy to think the victims of scams are just plain gullible, certainly after they’ve fallen for it. Of course it’s more complicated than that. Successful scammers spend a LONG time cultivating their victims, waiting a bit longer for a higher return.

A reader got in touch last week saying:
“I am expecting a parcel from the UK and it looks like the parcel has money in it and it is now stuck in Malaysia. They charged me for money laundering and I have paid the charge now they want me to pay for insurance and tax. I would like you to investigate for me because they sent me the charges and they did not say anything about tax and insurance.”
Can you smell a scam? I haven’t been told the whole story yet but I know what’s going on here. This reader is the victim of a romantic scam. Over a few months she was electronically seduced by someone claiming to be in the UK (but no doubt actually in West Africa). She probably met him either on Facebook or a dating site and he gradually ingratiated himself and, on her side at least, love blossomed. Of course he was probably doing this to dozens of other women around the world at the same time. He would have copied and pasted his expressions of love from one email to another making a production line of fake romance. He also would have copied the promise to courier a package of gifts to her. This fake package included a “set of daimond ring, 1 London Suit, 2 sets of silver jewelries, 3 perfume, 2 Rolex wrist watches, digital camera, Black Berry phone and photos”.

Our victim’s only crime is gullibility, the habit of believing things that are too good to be true. The tragedy in this case is that she was gullible enough to believe the email she received saying that the package had been stopped in Malaysia and that she had been “charged” by the Malaysian authorities for “money laundering”. She was gullible enough to pay them over P8,000 for the fictitious fine they were imposing.

Although there is no chance she’ll ever get her money back I hope that her habit of believing strange things has been broken.

Scams aren’t the only risk that bad habits can provide. What about having the contents of you bank accounts stolen?

I know of a major bank that allows you to view and change your credit and debit card PIN numbers online, via the internet. Any IT people will know that it’s pretty easy to install what they call a “keylogger” on someone’s PC that tracks every key you press and then sends the history to another computer. In theory they could see your new PIN number from this log of keystrokes. However this bank has thought of that and you also need to get a special message to your cellphone to confirm it’s really you logging on. It’s probably fairly secure.

What worries me more than this is the habit that this might create. If you and I get into the habit of entering details as sensitive as our ATM PIN numbers on web sites where else might we feel comfortable entering them?

Over the last couple of years I’ve seen a number of increasingly high quality “phishing” emails. These claim to be from your bank and usually alert you to a security breach in your account somewhere. They link to a web sites that looks exactly like your bank’s web site but in fact is hosted somewhere else. The web page asks for your basic Internet banking username and password but often also asks for your ATM PIN. Of course as soon as you enter all these details they disappear into a database owned by organized crime. If you’ve entered correct logon details you can assume that within moments the crooks will have logged on to your bank and stolen your money.

My concern is the habit of trusting things on the Internet. If your bank encourages you to enter things as sensitive as PINs, aren’t you more likely to trust a phishing site? While I’m a big believer in how the Internet can improve things it’s also the most untrustworthy thing I’ve ever encountered.

We need to get into the habit of not trusting the Internet unless we have a very good reason to do so.

No comments: