We Fall for Phishing Scams Because We're No Longer Afraid of Nature

Aside from press releases about Japanese all-girl doom metal bands, my personal email account is pretty free of spam, largely because I try to use throwaway accounts for anything in the shadier regions of the web. But that means that when something does pop up in my spam box, I usually end up reading it. Not so sound like a bewildered old man, but I don’t get why every obvious scam message includes "THIS IS NOT A SCAM" within the first fifty words. Who falls for this shit?

Well, apparently, a whole lot of people do. Phishing is still enough of a problem that all the top web companies are pushing something called DMARC that’s basically a new system for email authentication. DMARC is needed because currently email authentication is so wonky that just about anybody can impersonate someone else. This explains why you sometimes get spam emails that look like they were sent from yourself.

More dastardly, people can impersonate your bank and whatnot, which is why currently all legit emails come with that blanket "we’ll never ask you for your password" statement. Those firms claim that, with DMARC, that statement won’t ever be needed again because fakers will not longer be able to work.

Phishing has been issue since the dawn of the Internet. I, for one, remember hustling Runescape by faking top players’ screennames with careful ‘o’ / ‘0’ switches. (That might not really be phishing, but it’s certainly embarrassing.) But in this day and age, when the web is less a Geocities wild west and more a corporate romping ground, how is it that people are still falling for all these fake-ass email scams?

From an evolutionary standpoint, being able to recognize cheaters and fakers is a seriously valuable asset. Through the history of all organisms there has been a continual battle between so-called cheaters and the honest folk. In nature, it’s a more abstract concept; if some sneaky fish scores a mate over the so-called ‘honest’ guy, who’s to say he was in the wrong? Well, the fish who got robbed, of course.

It’s the same for us, and we hate cheaters, as evidenced by the fact that a significant portion of the web is dedicated to shaming crappy Photoshops. And, really, we mostly evolved under the same conditions as other beasts, and as such should have a healthy sense of skepticism and wariness just like other animals have evolved. In the case of phishing, those damn Nigerian email scams, résumé requests from Russian brides, and even phone calls promising free cruises, what the hell happened?

I think it’s the lack of nature that happened. There’s a new hypothesis floating around that suggests because humans haven’t always been able to make nature their bitch, they were naturally wary, and in many cases awestruck, by nature itself. A book of essays from Ivy League biologist called "The Biophilia Hypothesis," first reviewed by the New York Times way back in the early 90s, suggests that our general wariness (or fear, even) of nature still influences our decisions today. That fear would obviously help when you’re confronted by a wolf. Today, this may be the reason we pay more to live near open areas and parks, rather than in enclosed places, like where a snake or poisonous spiders might live.

But the biophilia folks also suggest that our natural vigilance has slowly faded away after generations of city life. Think about it: Aside from getting dive-bombed by a pigeon, when was the last time you worried about a mountain lion pouncing from a tree, or a bear popping out from behind a trash can? City and suburb life has turned us all soft. Considering that, since the book was written, we’ve increasingly moved to urban and suburban areas, and enjoy the bulk of our nature through the safe environs of zoos, TV, and the web, it’s a trend that can only have gotten worse.

So how does that affect our relationship with phishing? Well, while we still seem to have a healthy hatred for cheaters, our time spent removed from the environments that produced that anger may be decreasing our ability to recognize cheats as they happen.

Think of it this way: When you’re living out in the wild, with all of the hardships that includes, you’re automatically going to question anyone offering you a free lunch. Now, we’re becoming more naïve, and we’re less likely to question what appears, at least superficially, to be something legitimate. It’s like modern life has turned us all into Little Red Riding Hood. We don’t recognize that grandma is a wolf because we’re not worried about wolves anymore, we’re just focused on the proverbial Internet cookies. Which, let’s be honest, taste like turds anyway.

Follow Derek Mead on Twitter. Have a question? Write Derek at derek(at)motherboard.tv.