At the RSA SF Conference in 2010 my mother and I presented a talk called “There’s No Patch for Social Engineering“.
One of the key findings revealed in the talk (also explained in other blog posts and our 2006 paper) is that intelligence is not a reliable defense for social engineering. A press-release put it this way:
For seven years, Harriet Ottenheimer, a K-State professor emeritus of anthropology and a Fulbright scholar to the Czech Republic, and her son, Davi Ottenheimer, president of security consultancy flyingpenguin, collected and analyzed Nigerian 419 e-mails for clues that could be used to block these messages. These spam e-mails are called Nigerian 419 messages, or 419 for short. The number “419” refers to an article of the Nigerian Criminal Code concerning fraud.
Ottenheimer used her linguistic skills to decode the discourse of the scam e-mails and how they work on their victims. Primarily, she said, the victims have been well-educated westerners, such as such university professors, doctors, lawyers, financial planners and bankers.
The New Yorker just ran a story that provides similar results from a new study.
When people face an uncertain situation, they donâ€™t carefully evaluate the information or look up relevant statistics. Instead, their decisions depend on a long list of mental shortcuts, which often lead them to make foolish decisions. These shortcuts arenâ€™t a faster way of doing the math; theyâ€™re a way of skipping the math altogether.
A new study in the Journal of Personality and Social Psychology led by Richard West at James Madison University and Keith Stanovich at the University of Toronto suggests that, in many instances, smarter people are more vulnerable to these thinking errors. Although we assume that intelligence is a buffer against biasâ€”thatâ€™s why those with higher S.A.T. scores think they are less prone to these universal thinking mistakesâ€”it can actually be a subtle curse.
This appears to me further proof of our conclusions in 2006 and presentation at RSA in 2010; the Advanced Fee Fraud (AFF) or 419 scam uses a bias attack vector that reveals smarter people can be more vulnerable.