Monday, September 25, 2006

Assignment 5: I was easy to deceive...when I was a kid.

I chose option 2.


I’d say that now I’m pretty decent at detecting fraudulent sites online (although the assigned articles made me doubt that ability slightly), but when I was an inexperienced kid it wasn’t as easy. A looong time ago, there was an online game that I frequently played (remember Neopets, anyone?). There were many things you could do in this game, and one of them was that you could buy and collect different items, and also you could choose to sell your individual items to other players in your own personalized store. I’m not sure the technical details of how this was accomplished, but some people would alter their stores so that it appeared that they were selling very rare items for a very low price, which would entice unsuspecting people to click on the ‘purchase item’ link. These links would actually bring the user to a page not hosted by the original site, but a site that was made to imitate the original site (and trust me, it looked identical). This page, however, prompted the user to re-enter their username and password, and then it redirected them to the original site. The usernames and passwords were then used by the deceivers to gain access to others’ accounts.

This was a clear example of what Grazioli calls mimicking. As Grazioli would say, this was simply an act of desire for “immediate gratification.” This was not a very evil or criminal plan, as the deceivers were simply gaining access to others accounts on an online game – there was no personal or financial information they could have accessed. So while this was not very harmful, deception did still occur, and many people were fooled by these misrepresentative pages.

I think the reason the deceivers were successful in their deception is that they were deceiving a population of young (pre-teen was the approximate age target by this game), computer-inexperienced crowd, who doesn’t even know that they should be looking out for phishing or deception scams. Also, they used images and text that appeared to be from the original site, which the users would recognize and consider trustworthy.

This situation is deception according to all of the main definitions we have studied – it used showing (in the form of mimic) and hiding (in the form of disguising) to control perceived assumptions, and it was knowingly transmitted to foster a false belief. There was no reason for any of the users to suspect that they were being directed to a page outside of the game – they were following Nyberg’s strategy of “letting it happen” by allowing a person to acquire that false belief.

2 Comments:

At 4:30 PM, Blogger Nicole said...

This is a really good example of online fraud. If I had to think of an example I've experienced, I don't think I could have thought of one, either because I have never been deceived, or I have never been able to detect the deception. How did you finally realize that there was deception taking place in this online gaming world? It is also funny that someone would create a website to steal fake items from a person to access their account. It is still deception, just an odd way to use deception. I agree that I do not think this form of deception is necessarily evil because, as far as you know, it did not cause any harm. Great analysis and good job coming up with an example.

 
At 9:24 AM, Blogger Barrett Amos said...

I think I have to agree with Nikki about the moral issue here. Just because no personal or financial information was given away doesn’t mean that the deception wasn’t wrong or evil. Think of the emotional involvement that pre-teens can put into such games, and then think of how much stress it would put on them to find out that someone unknown entity had gone in, stolen their password and messed up their account. I would argue that for a pre-teen, this would be on the same level of having a few hundred dollars stolen out of your bank account. So while it may not be quite as evil as say someone gaining your PayPal account information, I wouldn’t discount it as mostly harmless either.

So what do you think the developers of Neopet could have done to prevent such fraud and deception? Personally I don’t think things like certificates, authority seals, and secure connections would mean all that much to a kid looking to play a game. At that age I don’t even think I would know what they were. This brings up another moral question: is the onus for pre-teen security and safety on the developer or on the end-user? While I don’t think there is a conclusive answer, I believe Dhamija et al. would argue that the responsibility lies mostly with the developer. What other features could have been implemented?

Anyway, great post and I like how you brought morality into play. It makes the debate over online fraud and deception just that much more interesting and important.

 

Post a Comment

<< Home