16 August 2007

Don't worry me

Reading up on e-mail fraud, a.k.a. phishing, I found this illuminating paper by M Jakobsson: The Human Factor in Phishing [PDF], which has this juicy tidbit relevant to general psychology:

Subjects did not like that this website said phishing attack in progress in three different locations. Some commented that phishing is too obscure a term for a financial institution to use in their communications – the phrase identity theft was offered as a plausible substitute. In Tsow et al. [44], it was established that if the focus on security was downplayed, then there was a significant increase in trust (p < 0.022).


So if you try to alert people that there's reason to be worried, they'll be only too happy to shoot the messenger. Negativity and fear are judged on the basis of superficial association with things that look worrisome, not on what is genuinely detrimental or fearsome — in the words of the paper, "People judge relevance before authenticity."

Which is to say, for no other reason than that they don't like what they hear.

Further on:

This highlights why phishers often have higher click-through rates than legitimate providers of advertisements: Fraudsters can offer much nicer enticements than legitimate service providers, as they are not tied to their word.


About Markus Jakobsson.
