Eliciting Information Online


Emma Williams and Adam Joinson research scamming techniques and are based at the University of Bath.

In November 2015, the Metropolitan Police reported that they had investigated £4m lost through internet dating scams in the previous 12 months. Given the likely under-reporting of losses by victims, it is probable that this figure represents a small portion of the total amount lost by UK internet users. In fact, in 2012 it was suggested that almost a quarter of a million people in the UK may have fallen for an online dating scam, a figure likely to have increased given the growth in online dating during the last four years. Online dating and romance scams work in part because relationships formed over the internet are vulnerable to ‘hyperpersonal’ patterns of interaction characterised by intense, accelerated feelings of closeness, rapport and trust. Because of this, the internet often provides an ideal environment for those with malevolent intent to elicit information from victims.

Causes of hyperpersonal interaction

There are a number of reasons why people often form overly positive, trusting relationships online that make elicitation of information more likely. These include:

Selective self-presentation: people choose what to communicate about themselves online – and usually that will be more positive aspects of themselves.

Idealised impressions: the person on the receiving end of these positive self-presentations often forms an idealised impression, with fantasy and social projection filling in the gaps.

Confirmation biases: once we form a positive impression of someone, we often seek information to confirm the initial positive impression, leading to a feedback cycle of positive impressions and increased liking.

Uncertainty reduction: people tend to disclose more information about themselves online – one reason being that uncertainty makes us uncomfortable. We tackle this uncertainty by asking more probing questions. We also tend to disclose more information about ourselves, which encourages the other person to reciprocate.

The nature of online communication means that scammers are able to strategically present and edit information about themselves, presenting profiles that appear similar (through apparent shared common interests or group membership) or attractive to the victim. For instance, online romance scams mimic coveted gender stereotypes in their profiles, such as wealthy widowers, military personnel, and young females in support roles like nursing. In relation to this, fake social media profiles have been used to infiltrate online networks of military and defence personnel, with such attempts being successful despite the presence of inconsistencies in profile information. Alternatively, sometimes the scammer may pose as an existing individual who is known to the target or as a representative of a trusted institution or organisation.

Online scams attempt to create or mimic ‘trusted’ personas in order to appear genuine. However, they also have to address the doubts of victims when asking them to actively provide potentially sensitive information. They often do this by using a range of influence techniques that attempt to limit how deeply an individual processes information, encouraging them to make relatively automatic decisions based on stereotypes and biases.

This includes creating scenarios that invoke a sense of urgency so that victims feel they don’t have sufficient time to verify them, or creating an imminent crisis and asking for help so that people feel obliged to respond, particularly if emotions such as empathy, guilt or anxiety are invoked. For this to work, scammers have to generate an emotional response from the victim by helping them identify with the character and situation being presented. Techniques designed to create an obligation of reciprocity in the future may also be used, such as providing free gifts or favours and requesting information in return. This combination of ‘editable’ online personas and complex influence scenarios may make people particularly vulnerable to information elicitation attempts in online environments.


This article appeared in Issue 1 of CREST Security Review.