{"id":105,"date":"2024-08-05T15:51:21","date_gmt":"2024-08-05T12:51:21","guid":{"rendered":"https:\/\/sites.uwasa.fi\/bugged\/?p=105"},"modified":"2024-08-07T08:24:10","modified_gmt":"2024-08-07T05:24:10","slug":"has-the-digital-become-too-much","status":"publish","type":"post","link":"https:\/\/sites.uwasa.fi\/bugged\/2024\/08\/05\/has-the-digital-become-too-much\/","title":{"rendered":"Has the digital become too much?"},"content":{"rendered":"<h2>Thoughts on cybersecurity in the age of information overload and maintaining a well-balanced life<\/h2>\n<h3>Highlights:<\/h3>\n<ul>\n<li style=\"text-align: left\"><em>For individuals<\/em> &#8211; Know your strengths, they may be your weaknesses<\/li>\n<li style=\"text-align: left\"><em>For designers (and businesses)<\/em> \u2013 Know the lives (and I mean \u2018multiple lives\u2019) of your users, make interaction fool proof wherever possible<\/li>\n<\/ul>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-113 alignright\" src=\"https:\/\/sites.uwasa.fi\/bugged\/wp-content\/blogs.dir\/4\/files\/sites\/162\/2024\/08\/openart-image-rgbgpa0q-1722861961170-raw.jpg\" alt=\"Stop cyber scamming\" width=\"412\" height=\"412\" srcset=\"https:\/\/sites.uwasa.fi\/bugged\/wp-content\/blogs.dir\/4\/files\/sites\/162\/2024\/08\/openart-image-rgbgpa0q-1722861961170-raw.jpg 1024w, https:\/\/sites.uwasa.fi\/bugged\/wp-content\/blogs.dir\/4\/files\/sites\/162\/2024\/08\/openart-image-rgbgpa0q-1722861961170-raw-300x300.jpg 300w, https:\/\/sites.uwasa.fi\/bugged\/wp-content\/blogs.dir\/4\/files\/sites\/162\/2024\/08\/openart-image-rgbgpa0q-1722861961170-raw-150x150.jpg 150w, https:\/\/sites.uwasa.fi\/bugged\/wp-content\/blogs.dir\/4\/files\/sites\/162\/2024\/08\/openart-image-rgbgpa0q-1722861961170-raw-768x768.jpg 768w\" sizes=\"(max-width: 412px) 100vw, 412px\" \/><\/p>\n<p>As a privacy researcher, I shouldn\u2019t be saying this. But, on Saturday I was scammed. I really don\u2019t know how it happened. Or, let\u2019s put it this way, I know how it happened, but I have no idea how I fell for it. In theory, I know that you treat all emails with caution. You do not open attachments, you do not click on links. And, of course, you do not give your credit card and banking details \u2013 ever. So easy to remember. So easy to usually do.<\/p>\n<p>We read about these victims (in our minds, the elderly, children, people with varied abilities, the uneducated, and many more terms\u2026) and think, \u201cHow did they do it?\u201d In his <a href=\"https:\/\/www.linkedin.com\/pulse\/who-most-likely-victim-cybercrime-andrew-hartley\/\">LinkedIn blog<\/a> cyber security advocate Andrew Hartley (2021) states that anyone can be a victim. There are, however, stronger tendencies in various population groups. These include: 1) <em>Age-related factors<\/em> \u2013 people over 65 compose a significant number of victims to cybercrime, with a growing number of people under 25 years old (Millennials and GenZers \u2013 supposed digitally connected natives); 2) <em>Poor overall security management<\/em> \u2013 mainly weak and heavily repeated (single) passwords (see also Woods and Sipponen, 2018); and 3)<em> The Uber connected<\/em> \u2013 those who rely heavily on their connected products (i.e., smart phones and other devices) and also those who readily share extensive information in e.g., social media.<\/p>\n<p>The types of high tech involved in cybercrime include (Europol, 2022), but are not limited to:<\/p>\n<ul>\n<li><strong>botnets <\/strong>(robot networks) \u2013 many computers communicating with each other over the internet<\/li>\n<li><strong>rootkits<\/strong> \u2013 collections of programmes enabling administrator-level access to computers and networks<\/li>\n<li><strong>worms<\/strong> \u2013 replicating themselves throughout a computer network, performing malicious actions with no human guidance<\/li>\n<li><strong>trojans<\/strong> \u2013 posing as legitimate programmes, yet designed for malicious purposes (spying, data theft, file deletion, expanding botnet, and performing DDoS (distributed denial of service) attacks)<\/li>\n<li><strong>file infectors<\/strong> \u2013 infect executable files (e.g., .exe) via overwriting or integrated infected code disabling them<\/li>\n<li><strong>backdoor\/remote-access trojan (RAT) <\/strong>\u2013 access computer systems and devices remotely. These can be used to install other malware, giving total control to attackers performing: monitoring, executing commands, file sending, keystroke logging, taking screenshots<\/li>\n<li><strong>ransomeware <\/strong>\u2013 stop users from accessing devices<\/li>\n<li><strong>scareware<\/strong> \u2013 fake antivirus software<\/li>\n<li><strong>spyware<\/strong> \u2013 to monitor activity<\/li>\n<li><strong>adware<\/strong> \u2013 displaying advertising and pop-ups<\/li>\n<\/ul>\n<p>Then, of course there are the common types of cybercrime including phishing (social engineering to manipulate receivers into giving sensitive information such as credit card information and banking credentials), hacking (breaking into accounts, shutting down and misusing websites and networks), identity theft, spreading hate (inciting terrorism), grooming (building up relationships to manipulate and exploit individuals), and spreading child pornography (Government of the Netherlands, n.d.).<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-115 alignleft\" src=\"https:\/\/sites.uwasa.fi\/bugged\/wp-content\/blogs.dir\/4\/files\/sites\/162\/2024\/08\/openart-image-fi4bjli2-1722862144103-raw.jpg\" alt=\"Doing gardening on a summer's day\" width=\"440\" height=\"440\" srcset=\"https:\/\/sites.uwasa.fi\/bugged\/wp-content\/blogs.dir\/4\/files\/sites\/162\/2024\/08\/openart-image-fi4bjli2-1722862144103-raw.jpg 1024w, https:\/\/sites.uwasa.fi\/bugged\/wp-content\/blogs.dir\/4\/files\/sites\/162\/2024\/08\/openart-image-fi4bjli2-1722862144103-raw-300x300.jpg 300w, https:\/\/sites.uwasa.fi\/bugged\/wp-content\/blogs.dir\/4\/files\/sites\/162\/2024\/08\/openart-image-fi4bjli2-1722862144103-raw-150x150.jpg 150w, https:\/\/sites.uwasa.fi\/bugged\/wp-content\/blogs.dir\/4\/files\/sites\/162\/2024\/08\/openart-image-fi4bjli2-1722862144103-raw-768x768.jpg 768w\" sizes=\"(max-width: 440px) 100vw, 440px\" \/><\/p>\n<p>As human beings our quickest mode of cognition (thinking) and behaving (acting) occurs through our affective emotional processing. Daniel Kahneman (2011) famously called this mode of thinking System 1, as compared to System 2 that sees people delve into deeper, information rich and associative modes of thought. System 2 is slower and is characterized for being responsible for higher order cognition, in other works, the types of thought processes enabling expertise. There is a myriad of theoretical cognitive-affective explanations of the differences between primal, or lower order, and higher order modes of thinking in the field of cognitive science. This intricate relationship between cognition and emotional states have often been talked about in relation to i.e., <em>Appraisal Theory<\/em> (e.g., Ellsworth, 2013; Frijda, 1993) and <em>Core Affect Theory<\/em> (e.g., Russell, 2003). Appraisal for instance, is very much about how humans appraise or evaluate perceived information against \u2018concerns\u2019 (criteria or interests, concern for survival and wellbeing), which also involves \u2018fast\u2019 (primal) and \u2018slow\u2019 (higher order) processing, very much tied into theories of <em>basic<\/em> and <em>higher level<\/em> (associative) emotions (see also, Ekman, 1992; Ortony, 2022).<\/p>\n<p>Depending on what our priorities are, the ways in which we emotionally process information differs, particularly in instances of cybercrime. For some, a phone call from an anonymous number with an urgent voice at the end stating that the <em>caller is from Microsoft and your account has been hacked<\/em>, you need to give your credentials in order for \u2018us\u2019 to rectify the situation, may trigger an immediate panic state, resulting in the disclosure of user names and passwords. For others, like me on Saturday, that trigger was, \u201cI have already paid, you can go into Tori.fi through this link to retrieve the 60 euros.\u201d<\/p>\n<p>My mode of processing was, \u201cThis man has already paid me money. I (<em>owe him<\/em>) need to go in and retrieved and send the products as soon as possible.\u201d I did not want to \u2018muck the customer around,\u2019 so fell for the trap hard and fast. I kept looking at the URL that stated \u2018Tori.fi\u2019 with the \u2018lock sign\u2019 to reassure myself that I was giving my details to the right source. If I would have stopped to think I would never have arrived at this situation. And actually, at first my reaction was, \u201cI have chosen not to send the products, I will just respond \u2018No\u2019,\u201d but then thought, \u201cWhy not? If it\u2019s easy, it\u2019s easy, and he\u2019s already, and stating \u201cI paid\u201d\u201d I have a sense of \u2018duty\u2019 that does not always make sense at times. <strong><em>This sense of duty was my downfall<\/em><\/strong>.<\/p>\n<h3>Thus, my <strong>5 cognitive-affective tips for future personal privacy and cyber security practices<\/strong> are:<\/h3>\n<ul>\n<li><strong>Know your strengths and weaknesses<\/strong>, not just in terms of behavior, but also values \u2013 what makes you strong as a person, giving you high integrity, may be your downfall when faced by dishonest people;<\/li>\n<li><strong>Don\u2019t do ANY financial business via email &#8211; <\/strong>with strangers you may even consider CASH ONLY ALWAYS;<\/li>\n<li><strong>Put yourself in machine mode<\/strong> \u2013 have a silent rule, or even physical\/digital constraint that does not allow you to answer or act upon emails within 24 hours, and perform a \u2018<em>two-point verification process\u2019<\/em>. This means that if money (buying\/selling) is in question, no matter how simple the issue seems, your machine (you) don\u2019t work without verification from another, responsibly thinking adult;<\/li>\n<li><strong>If you\u2019re out of your comfort zone, don\u2019t go there<\/strong> \u2013 go with your first instinct, the one you had when you carefully considered your mode of action, the safe mode that you can map out well in your mind. DON\u2019T MAKE ANY SUDDEN MOVES;<\/li>\n<li><strong>For designers, developers and businesses<\/strong> \u2013 know people well and focus on user\/customer vulnerabilities to identify and remove ANYTHING that possesses anticipated slip-ups.<\/li>\n<\/ul>\n<p>For instance, when I contacted Tori.fi about the incident (after being told by the credit card and account closure helpline that Tori.fi is FILLED with scammers and these types of incidents are occurring ALL THE TIME), their reply was:<\/p>\n<p style=\"text-align: center\"><em>One thing that can affect the fact that you receive more scam messages than usual is that if your email address matches the nickname\/screen name\/username visible in Tor (e.g. first name\/last name combination).<\/em><br \/>\n<em>\u00a0<\/em><br \/>\n<em>Based on that, fraudsters come up with a mass e-mail in all combinations using first name, last name, username, nickname, screen name or other predictable title as the front of the e-mail and then put one of the well-known e-mail endings (e.g. (at)<a href=\"http:\/\/gmail.com\/\" data-saferedirecturl=\"https:\/\/www.google.com\/url?q=http:\/\/gmail.com&amp;source=gmail&amp;ust=1722916589328000&amp;usg=AOvVaw1JmOuUDEOa4VYPtqKQmVed\">gmail.com<\/a>, (at)<a href=\"http:\/\/hotmail.com\/\" data-saferedirecturl=\"https:\/\/www.google.com\/url?q=http:\/\/hotmail.com&amp;source=gmail&amp;ust=1722916589328000&amp;usg=AOvVaw3l99Xbi9QCid_CdpXPh_xq\">hotmail.com<\/a>) at the end.<\/em><br \/>\n<em>In other words, this is how fraudsters generate a large number of contacts with the help of automation and hope that at least one of them will go through.<\/em><br \/>\n<em>\u00a0<\/em><br \/>\n<em>\u00a0<\/em><br \/>\n<em>In light of the recent phishing attempts and scams of payment card information that looks very genuine coming to the phone, together with the authorities (banks and the police), we have ended up hiding and limiting the display of the phone numbers of private operators in Tori announcements.<\/em><\/p>\n<p>For this reason, I wonder why the service cannot prevent the user from using the same screen name as email address? Simple, but maybe effective?<\/p>\n<p>Now, when calling my bank to make an appointment to go into the physical branch to show my identification documents and set up new users credentials etc. I needed to choose the \u2018Service for Seniors\u2019 option. Why? Because <em>ALL <\/em>of the other options were automated and required my user credentials that had been cancelled upon me realizing I had been scammed. I needed to phone my bank several times before discovering the option (the senior customer option) via which I could receive service without my credentials. Moreover, the next live appointment available at my nearest almost abandoned physical bank branch is in three days\u2019 time (I\u2019m now writing on a Monday). AND, to make a formal report of offence (rikosilmoitus) to the police, I need to fill an online form for that happens to require my\u2026. <em>yes\u2026. guess what\u2026. online banking credentials<\/em>.<\/p>\n<p>Not easy to survive is it? Something has got to give. My colleagues (Jaana Leikas, Hannu Vilpponen and Pertti Saariluoma) and I happen to have a paper that will be published in November precisely about this dilemma in light of older adults. \u00a0In terms of designing the ideal future, we as researchers, designers, developers and decision-makers need to consider the basic pillars and rights of human integrity and what it means to maintain a well-balanced, sustainable life. The fact of the matter is that no level of generalization will be apt enough to pre-empt specifically who will be prone to what type of scam. The circumstances surrounding particular scam instances (i.e., context and events in people\u2019s lives) are not considered adequately either. So, here\u2019s a run through of my circumstances:<\/p>\n<ul>\n<li><strong>Motivation<\/strong> \u2013 I wanted to get items that have been in storage for years out of my house, starting the new work year with a clean slate;<\/li>\n<li><strong>Pre-scam Emotional State<\/strong> \u2013 feeling like a super woman (pride), finally getting on top of the backlog (satisfaction);<\/li>\n<li><strong>During-scam Emotions<\/strong> \u2013 feeling like I <em>owe<\/em> the customer (undertaking the transaction of money he said he\u2019s already paid and supplying the goods);<\/li>\n<li><strong>Immediate Post-scam Emotions <\/strong>\u2013 amazing disappointment and despair (I had been giving away goods that others usually sell, and selling goods at a \u2018steal\u2019 as a part of what I self-reasoned \u2018my contribution to society,\u2019 and that was completely taken advantage of.<\/li>\n<\/ul>\n<p><strong>\u00a0<\/strong><\/p>\n<p>I had separated my diligent self-awareness of cybercrime and fraud that I would have with me on other occasions with my, \u2018getting stuff done around the house\u2019 and the mode of thinking when everything\u2019s going well \u2013 the idea of <em>maleficence<\/em> did not even cross my mind. That\u2019s another world.<\/p>\n<p>The effects of cybercrime are severe and the domain shouldn\u2019t go unnoticed, particularly from the victims\u2019 and potential victims\u2019 (everyone\u2019s) perspective. In addition to sales and purchase frauds being about the most prominent scams, the cybercrime victims (younger and more senior adults) suffer (Statistics Netherlands, 2023): diminished trust (in general); diminished sense of safety; sleep problems; depressive symptoms; anxiety symptoms; and reliving the incident.<\/p>\n<p>How to build a world or <em>economy<\/em> of trust in a world where you absolutely can\u2019t trust is an extremely challenging idea. Particularly, when many of these attacks are encountered by people in the comfort and peace of their own home. The circumstances of people\u2019s actions leading up to victimization are poorly accounted for by scientific literature and cybersecurity initiatives in general. Furthermore, one person does not account for \u2018one user\u2019. Rather, one person equals <em>many users<\/em> depending on the day, time and conditions of the user and interactions with technology. We understand that cybercrime is a hugely wicked problem that is spiraling out of control at a momentous rate, meaning that there is no way that on a technical level <em>anyone<\/em> can stay on top of deviant developments. BUT, what we can control are the obvious pitfalls that can be anticipated and have already proven to be flawed.<\/p>\n<p>Through communication and design for ALL OCCASIONS we can <em>make a difference<\/em>.<\/p>\n<p>If you have a story like mine that you would like to share, please contact me at: <a href=\"mailto:Rebekah.rousi@uwasa.fi\">Rebekah.rousi@uwasa.fi<\/a>, or via LinkedIn (<a href=\"https:\/\/www.linkedin.com\/in\/rebekahrousi\/\">https:\/\/www.linkedin.com\/in\/rebekahrousi\/<\/a>). I would love to hear from you, all knowledge is good knowledge when it comes to literally <em>saving lives<\/em>.<\/p>\n<p>This blog is linked to our \u201cEmotional Experience of Privacy and Ethics in Everyday Pervasive Systems\u201d project, funded by the Research Council of Finland.<\/p>\n<p>And, for more on this case see a recent Helsingin Sanomat article (6.8.2024): <a href=\"https:\/\/www.hs.fi\/suomi\/art-2000010613533.html\">https:\/\/www.hs.fi\/suomi\/art-2000010613533.html<\/a><\/p>\n<p>&nbsp;<\/p>\n<p><strong>References<\/strong><\/p>\n<p>Europol. (2022). Cybercrime. <a href=\"https:\/\/www.europol.europa.eu\/crime-areas\/cybercrime\">https:\/\/www.europol.europa.eu\/crime-areas\/cybercrime<\/a><\/p>\n<p>Frijda, N. H. (1993). Appraisal and beyond.\u00a0<em>Cognition &amp; Emotion<\/em>,\u00a0<em>7<\/em>(3-4), 225-231.<\/p>\n<p>Government of the Netherlands. (n.d.). Forms of cybercrime. <a href=\"https:\/\/www.government.nl\/topics\/cybercrime\/forms-of-cybercrime\">https:\/\/www.government.nl\/topics\/cybercrime\/forms-of-cybercrime<\/a><\/p>\n<p>Kahneman, D. (2011).\u00a0<em>Thinking, Fast and Slow<\/em>. Macmillan.\u00a0<a href=\"https:\/\/en.wikipedia.org\/wiki\/ISBN_(identifier)\">ISBN<\/a>\u00a0<a href=\"https:\/\/en.wikipedia.org\/wiki\/Special:BookSources\/978-1-4299-6935-2\">978-1-4299-6935-2<\/a>.<\/p>\n<p>Russell, J. A. (2003). Core affect and the psychological construction of emotion.\u00a0<em>Psychological review<\/em>,\u00a0<em>110<\/em>(1), 145.<\/p>\n<p>Statistics Netherlands. (2023). 2.2 million cybercrime victims in 2022. https:\/\/www.cbs.nl\/en-gb\/news\/2023\/19\/2-2-million-cybercrime-victims-in-2022<\/p>\n<p>Woods, N., &amp; Siponen, M. (2018). Too many passwords? How understanding our memory can increase password memora<\/p>\n","protected":false},"excerpt":{"rendered":"<p>5 cognitive-affective tips for future personal privacy and cyber security practices<\/p>\n","protected":false},"author":388,"featured_media":106,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-105","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-yleinen"],"acf":[],"post_meta":"<span class=\"author\"> <span class=\"vcard\"><a class=\"url fn n\" href=\"https:\/\/sites.uwasa.fi\/bugged\/author\/rrousi\/\">Rebekah Rousi<\/a><\/span><\/span><span class=\"posted-on\"><a href=\"https:\/\/sites.uwasa.fi\/bugged\/2024\/08\/05\/has-the-digital-become-too-much\/\" rel=\"bookmark\"><time class=\"entry-date published updated\" datetime=\"2024-08-05T15:51:21+03:00\">05.08.2024<\/time><\/a><\/span>","post_categories":"<span class=\"entry-categories cat-links\"><a href=\"https:\/\/sites.uwasa.fi\/bugged\/category\/yleinen\/\" rel=\"category tag\">Yleinen<\/a><\/span>","post_thumbnail":"<a href=\"https:\/\/sites.uwasa.fi\/bugged\/2024\/08\/05\/has-the-digital-become-too-much\/\"><img width=\"640\" height=\"360\" src=\"https:\/\/sites.uwasa.fi\/bugged\/wp-content\/blogs.dir\/4\/files\/sites\/162\/2024\/08\/openart-image-kfiba5sk-1722861035311-raw-640x360.jpg\" class=\"attachment-banner-wide-640 size-banner-wide-640 wp-post-image\" alt=\"Scamming knowledgeable users\" decoding=\"async\" loading=\"lazy\" srcset=\"https:\/\/sites.uwasa.fi\/bugged\/wp-content\/blogs.dir\/4\/files\/sites\/162\/2024\/08\/openart-image-kfiba5sk-1722861035311-raw-640x360.jpg 640w, https:\/\/sites.uwasa.fi\/bugged\/wp-content\/blogs.dir\/4\/files\/sites\/162\/2024\/08\/openart-image-kfiba5sk-1722861035311-raw-320x180.jpg 320w, https:\/\/sites.uwasa.fi\/bugged\/wp-content\/blogs.dir\/4\/files\/sites\/162\/2024\/08\/openart-image-kfiba5sk-1722861035311-raw-1024x576.jpg 1024w\" sizes=\"(max-width: 640px) 100vw, 640px\" \/><\/a>","_links":{"self":[{"href":"https:\/\/sites.uwasa.fi\/bugged\/wp-json\/wp\/v2\/posts\/105"}],"collection":[{"href":"https:\/\/sites.uwasa.fi\/bugged\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sites.uwasa.fi\/bugged\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sites.uwasa.fi\/bugged\/wp-json\/wp\/v2\/users\/388"}],"replies":[{"embeddable":true,"href":"https:\/\/sites.uwasa.fi\/bugged\/wp-json\/wp\/v2\/comments?post=105"}],"version-history":[{"count":17,"href":"https:\/\/sites.uwasa.fi\/bugged\/wp-json\/wp\/v2\/posts\/105\/revisions"}],"predecessor-version":[{"id":133,"href":"https:\/\/sites.uwasa.fi\/bugged\/wp-json\/wp\/v2\/posts\/105\/revisions\/133"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/sites.uwasa.fi\/bugged\/wp-json\/wp\/v2\/media\/106"}],"wp:attachment":[{"href":"https:\/\/sites.uwasa.fi\/bugged\/wp-json\/wp\/v2\/media?parent=105"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sites.uwasa.fi\/bugged\/wp-json\/wp\/v2\/categories?post=105"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sites.uwasa.fi\/bugged\/wp-json\/wp\/v2\/tags?post=105"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}