The biology of phishing

Some nefarious group recently made a phishing attempt against me, trying to lure me into providing bank account information in response to an Official Looking email.

Presumably, the combination of spam filters and alert consumers means phishing has a very, very low success rate.  Fortunately for criminals, email has virtually no incremental cost: you can send a million phishing messages almost as easily as you can send a thousand, or ten.  In contrast, con men can only be in one place at a time, and probably need to invest a lot of time per victim, so they need a much much higher success rate.

That brought to mind r/K selection theory, from biology:

– in r-type reproduction, creatures create zillions of offspring.  In stable ecosystems, almost all the offspring will die before reproducing, giving a (near-infinite offspring x near-zero success rate) arrangement.  Examples include insects, fish, and dandelions.  By analogy, phishing would fit this category.

– in K-type reproduction, creatures create few offspring, but the survival rate is much higher.  Basically, it’s a (near-zero offspring x near-100% success rate) type arrangement.  Examples include bears, elephants and whales.  By analogy, con men would fit here.

And this got me wondering how businesses look, when viewed through the r/K lens.  (It also got me sending emails to the local university asking if any researchers have been looking at this topic; we’ll see if anything pops up.  :)  )

By and large, virtual goods seemed to follow r-type behaviour, and physical goods, K-type.

Virtual goods: “r-type”   (few customers pay, most are free riders)

LinkedIn, Dropbox, and innumerable other software platforms use the freemium model, providing a basic service for free, but unlocking premium extras for users who pay up.  From a few minutes’ googling, it looks as though successful platforms manage a 1-5% “conversion rate” of freeloading users to payers.

Conversion rates are higher in some cases: apparently, most of the top-grossing iOS games can be downloaded for free; the revenue comes from in-app purchases (e.g. from devotees who trade money for time, to advance faster).  Take me, for instance: I discovered the addictive iOS game “Tiny Tower” a couple short weeks before our son’s due date, and dropped tens of dollars into the game, in a hilariously vain attempt to level-up before he arrived and my free time carved an asymptote to zero…!

Presumably the r-type model is favourable for virtual goods because, once the software is written, the incremental cost of duplication / distribution is so low.  This wasn’t always the case for software, as we’ll see when we delve into counter-examples.

Since r-type creatures can create thousands of (mainly ill-fated) offspring at once, their “cost of duplication” must be pretty low, as well.  If dandelions create a thousand seeds per year, the species only needs a 0.1% success rate to sustain itself.  (Think of that, the next time you’re weeding!)  It gets worse for the gardeners, though: since dandelions are perennials, the necessary success rate is even lower!


Of course, many types of software follow the K-type model, where every customer theoretically pays for the product: business productivity software (e.g. Office) is a prominent example.

In these cases, I wonder if past history has conditioned consumers to keep paying: since Office cost hundreds of dollars in the past, maybe the high prices have been “sticky” because we’ve psychologically accepted that this is a reasonable price.  (At least until the iOS App Store came along, and conditioned everyone that software should max out at 99 cents.)

Twenty years ago, duplication and distribution weren’t free, so it made sense that software was pricey.  After all, it had to be copied onto disks, packaged in ridiculously oversized boxes, and shipped to stores along with promotional material to compete for shelf space, all before reaching the consumer!  Those costs can’t have been insignificant: back in the early 1990’s, I remember loading a version of Office that took up about 25x  3-1/2″ floppy disks!!  I’m pretty sure there was a paper instruction manual too; the postage alone would’ve probably cost more than 99% of the apps in the Apple & Android App Stores, today!

Physical goods: “K-type”  (most customers pay, few get freebies)

When I think of physical products — this laptop, the chair I’m sitting on, the knick-knacks in my field of view — I can’t think of any where the majority of production consists of freebies.  Giveaways, competitions and other marketing gimmicks might cannibalize a few percent of production, but for physical objects, business models involve customers paying (even if discounts are sometimes offered).

With physical items, duplication and distribution costs can be substantial, so companies which give away too much product won’t last long.  Similarly, K-type species need most of their offspring to reach maturity, or the species will die out, quick.  The specific biological analogy to “duplication cost” might be the time the parent(s) invest in their offspring, to maximize survival rate until the young are reasonably independent.


While I couldn’t think of any examples of physical products with an r-type sales model, many products use advertising; and advertising is definitely an r-type endeavour.  Companies will send their message out many, many, many times, with the expectation that over time, they’ll be able to bend consumers to do their will, without the consumers noticing.  Kind of like Inception.  ;)  One example might be how people’s taste buds are split 50/50 on Coke vs. Pepsi, but the Coca-Cola brand is powerful enough that when folks know which drink is which, 75% of them prefer Coke.

Pheromones might be the animal kingdom’s equivalent of r-type advertising; only a vanishingly small proportion of molecules will ever waft into a suitable mate’s nostrils (or other olfactory organs, if the species is noseless).

While they aren’t strictly counter-examples, it has to be acknowledged that in biology, many species fall in-between the r- and K-type extremes.  (This appears to be why r/K-selection theory has fallen on hard times.)  Just going through the D’s, we’ve got dogs, ducks, and, uh… dwarf rabbits, which occupy a middle ground: several offspring at a time, with some parental supervision, and in the wild, low-but-not-near-zero survival rates.


Investing implications

It’s been my experience that when people talk investing, declarative sentences are red flags for the Dunning-Kruger effect: the more certain someone is, the more certainly they’re wrong.  Oh, so very wrong.  So very expensively wrong.  Especially for any blogging engineer who acts on the advice of those declarative sentences.  ;)

So I’ll be cautious in suggesting that looking at business through an r/K-selection lens might complement the investing ideas of evaluating a company’s “moat”, and looking at turnaround plays, per the examples below.

When invading a new ecological niche, r-type creatures (insects, fish) can quickly gain dominance, if an unusually high proportion of their young survive.  But they could just as quickly lose dominance, as their competitors / predators are also likely to be r-type creatures.  It may not be that companies in software lack moats, but that the industry itself is inherently moat-less, because the rate of change is so fast.  It seems a safe bet that within a decade Facebook will join fellow pan-flashers Friendster and MySpace, ceding popularity to a new service.  Companies with a freemium business model might make great short-term speculations if they’re improving the conversion of users to paying customers (and if this improvement hasn’t yet been baked into the stock price).  But when it comes to investing, the sector seems too fluid to make long-term bets.

Because K-type creatures can’t expand as quickly, it stands to reason that their K-type competitors / predators are unlikely to expand quickly, either.  Companies with competitive advantages may not be able to annihilate competitors, but even at companies where things are going south, management will get more time to right the ship.  Ford and GM seem to’ve come through to better times, despite Japanese automakers eating Detroit’s lunch for a generation.  (Auto production is insanely expensive to scale up!)  And despite the one-two punch of Walmart and Target, department stores still exist.  I don’t have a good sense of how department stores can get a second wind, but the Hudson’s Bay Company in Canada seems to be going through an unlikely renaissance.  For now.



  • Bruce  On August 19, 2012 at 4:18 pm

    There was an interesting paper a few months ago about how spam messages are crafted. It’s true they are sent out in mass quantities at low cost. But how come they are so implausible? Nigerian princes, Saudi princes … the cast of characters and scenarios is completely over the top.

    The Microsoft Research paper argues that it’s because of the transaction costs imposed by each respondent. The spammer wants to make sure that only the most absolutely gullible respond, so he deliberately crafts an implausible message:

    Thought it was relevant to today’s post. Are there any biological examples where the ‘offspring’ are r-type but cost a lot of money (to raise to maturity), so that there’s some deliberate culling phase where only the best of the million babies survive to be raised by the parent?

    I seem to recall some mammals (rats?) give birth to 8 babies but only the toughest few survive, and then the parents invest their food/time/energy in those few?
