when relevant content is
added and updated.
Bruce Schneier said, “Blaming the victim is common in IT: users are to blame because they don’t patch their systems, choose lousy passwords, fall for phishing attacks, and so on.”
So true, and something that I have come to (reluctantly) refrain from doing. Face it, people do things they shouldn’t do, or don’t do things they should. Either way, if there are no immediate consequences, no lesson is learned. Unless Lizzie’s PC completely shuts down when she clicks on an email link, she’ll continue to do it, oblivious to any strange behavior in her browser that results. And she’ll never connect those ill-advised clicks to the theft of her credit card information and subsequent fraudulent charges to her account.
These days, malware is designed to appear as if it’s supposed to be there or to make its effects blend in with the normal operation of the computer. I see this stuff every day and when it simply redirects the browser to another search site or pops up a message saying I need to speed up my computer, I find myself sympathizing with the user. When the really scary popups – “You have 10 bazillion infections!!!! Click here to clean now” – show up, I realize that no one with insufficient technological knowledge is going to recognize that for what it is. The knee-jerk-click-the-button reaction to the scary message is what the crooks depend on.
So, don’t blame the victim. Don’t chastise them for what happened. Don’t make them wrong. Do gently explain to them what happened and hope that the repair bill is sufficient experience and feedback for them to think twice the next time.