Long before there was a World Wide Web, when the internet was largely a playground for academics and the military, and most people still thought spam was a canned meat, there were already hoaxes and scams (pyramid schemes, Ponzi schemes, lures into premium rate phone services, fake friends and stalkers...). Early internet worms evolved into the mass-mailers of the last decade and then into Facebook clickjacking apps. Old-school viruses evolved into a range of threats from botnets to specialized banking trojans to the highly specialized attacks that some call APTs
. And just as the pre-WWW world of Usenet and email morphed into social networks and Twitter, so too did malicious social engineering – focused on psychological manipulation rather than malicious code – adapt effortlessly to the new environment.
Hoaxes and scams both incorporate deception, and may even look very similar, but scams are largely motivated by profit. The hoaxer is more likely to be bolstering his/her own self-esteem by proving how stupid others are than anticipating any financial gain.
There’s an interesting parallel here. Before the malware scene became all about profit, virus writing was mostly about glorifying the virus writer and giving them 'bragging rights' among peers, though in some cases there was a clear intent to do damage to data. Similarly, while the contemporary scammer or malware writer is happy to exploit gullibility for profit, the hoaxer usually contents themselves with proving that other people are more ‘stupid’ than they are. However, it’s likely that profit-driven scammers sometimes justify their activities to themselves by stressing the victim’s undesirable stupidity: de-personalization of the victim is a significant factor in preserving the criminal’s favorable self image.