Software optimize

The truth behind those Nigerian 419 scammers

Why would 419 scammers say they're Nigerian, even if they are as American as apple pie? Michael Kassner provides some insight as to why.

An irate client was the impetus for this article. Not one to mince words, he said, "You recommended the @#$@# spam-filtering service, so why am I still getting 419 scam emails?"

Trying to buy time, I asked how the family was. Thankfully, doing so gave me a few minutes to figure out what he was talking about. The phone call ended with me asking for a copy of the offending email, including header information.

Look familiar?

URGENT - HELP ME DISTRIBUTE MY $15 MILLION TO CHARITY

I have 15,000,000.00 U.S. Dollars and I want you to assist me in distributing the money to charity organizations. I agree to reward you with part of the money for your assistance, kindness and participation in this Godly project.

I am "Name" and I am a 55 years old man. I am a South African living in the Garden City of Port Harcourt, Nigeria. I was the President of TOMOBA OIL LIMITED -- an oil servicing company in Port Harcourt."

You get the idea.

I called the client back, suggesting he forward the email to the spam-filtering service. They will add the domain to his black list and determine why the email slipped through. I also talked my client into asking if it is common for 419 fraud emails claiming to be from Nigeria to have "from addresses" outside the country. The email he sent me was sent from a Yahoo.co.uk account.

I then forgot (60 years does that) about the whole thing. That is until now.

I know "this" guy

His name is Cormac Herley. I've collaborated with him on several occasions. When he sees a digital anomaly, he doesn't forget about it like yours truly. He studies it. And, if there's something wrong, he will get the word out. That's what smart PhDs, like him, do.

Case in point, Cormac also noticed that 419 emails purported to be from Nigeria really weren't. And, true to form, his latest paper, "Why do Nigerian Scammers Say They are from Nigeria?" explains why.

More complicated than I first thought

To be honest, I thought 419 Advanced Fee Fraud was on the wane. Most users are aware of the swindle, and it's a complicated con to pull off. According to the U.S. Secret Service (419 crimes are under their jurisdiction), the usual steps are:

  • An individual or company receives an email from an alleged "official" representing a foreign government or agency.
  • An offer is made to transfer millions of dollars in "over-invoiced contract" funds into your personal bank account.
  • You are encouraged to travel overseas to complete the transaction.
  • You are requested to provide blank company letterhead forms, banking account information, telephone/fax numbers.
  • You receive numerous documents with official-looking stamps, seals and logo testifying to the authenticity of the proposal.
  • Eventually you must provide up-front or advance fees for various taxes, attorney fees, transaction fees, or bribes.

One can see that significant work is required. And, the victim can back out at any time.

Only the naive apply

To be successful -- and they are -- Cormac feels 419 scammers need a gimmick:

"The most profitable strategy requires accurately distinguishing viable from non-viable targets, and balancing the relative costs of true and false positives."

It took me a while to figure it out what he meant. Definitions helped:

  • Viable targets always yield a net profit when attacked.
  • Non-viable targets yield nothing.
  • True positives are targets successfully attacked.
  • False positives are those attacked but yield nothing.

As I see it, the introduction email costs scammers nothing, so they blast those out to everyone. The expense starts when the scammer receives a response and has to begin building a relationship with the potential victim. So to get the best return on their investment, the scammers want only the most naive, gullible people to respond.

By sending an email crafted like the one above, scammers will invariably get responses from just that set of people. Those in the know, like my client, will get irritated and discard the email. No big deal to the scammers, as no effort was required on their part.

Why Nigeria?

In his paper, Cormac asserted that using the name Nigeria is also a filter. As a test, I asked several people about Liberian 419 scams, and most corrected me, asking if I meant Nigerian 419 scams. Point taken.

I found an additional reason in this Economist article. It quoted Basil Udotai, former Nigerian cybersecurity director:

"There are more non-Nigerian scammers claiming [to be] Nigerian than ever reported. Even when Nigerians relocate to other West-African countries they retain Nigerian status, addresses, and operational bases in their e-mails for competitive reasons."

The article continued with Mr. Udotai suggesting why:

"It is Nigeria's dreadful reputation for corruption that makes the strange tales of dodgy lawyers, sudden death, and orphaned fortunes seem plausible in the first place."

How about some proof?

For his paper, Cormac polled several websites (this site and this site) tracking 419 fraud and what country is mentioned in the email. The following graph is the result.

Cormac adds the following:

"An examination of a web-site that catalogs scam emails shows that 51 percent mention Nigeria as the source of funds, with a further 34 percent mentioning Cote d'Ivoire, Burkina Faso, Ghana, Senegal, or some other West African country. This finding is certainly supported by an analysis of the mail of this genre received by the author."

Interesting, but it doesn't prove Nigerian 419 scam emails are originating in other countries. After some searching, I came upon a paper by Olumide Longe and Adenike Osofisan, researchers at University of Ibadan:

"Using freeware e-mail and internet protocol address tracers, we obtained results that deviate from the generally held beliefs about the origins of advance-fee fraud emails. Our findings have implications for research on spam filtering and by extension web security."

The following graph displays the 419 scam email origin of 400 scam emails they tested.

The researchers used IP2Location to obtain more refined geo-locations associated with scam email IP addresses. The results (redacted) below are from emails supposedly from a Nigerian financial company.

Final thoughts

Situations that are not what they seem fascinate me. The question now becomes; was this underlying deception in place initially or is it part of an evolutionary process?

I want to thank Dr. Herley, Dr. Longe, and Dr. Osofisan for allowing me to use their research findings in this article.

About

Information is my field...Writing is my passion...Coupling the two is my mission.

100 comments
Heenan73
Heenan73

(a) A study of 400 emails out of billions is hardly conclusive

(b) Many spams originate from botnets, so country of origin may be misleading

(c) Many frauds outsource their mailing to spam networks - which have always had their HQ in 'the west', but use facilities and botnets all over the world.

The key point of the article MAY be right - but it's a sloppy article.

sylvesteecat
sylvesteecat

I tell them that my name is Idanott Stewiepitts (I'm not stupid) and that I am homeless and live in cardboard boxes.  For addresses I give them addresses for Law Enforcement Agencies throughout the US and their phone numbers.

When asked for bank information I tell them that the bank kicked me out of my trailer and they would have to contact the bank for the information.  I go on and tell them about picking up cans and taking them to the recycle place.


I ask if they are going to send me money would they send me $5.75 for the lunch special at the Din Din Diner for $4.00 then I would have $1.75 left over for coffee for the week.


The e-mails have dropped about 85% with my responses.

Uba David
Uba David

The truth about 419 victims is that they are greedy,because if they are not they will not fall victim of these scammers who are very desperate to dupe anyone of his or her belongings,so let's detest greed and work judiciously to earn our needs and be contented.

anxious lady
anxious lady

Would like to check if anyone of you already contacted by this so called person? Do you any experience being contacted by her or his????

ron_3101
ron_3101

I engage occasionally, in the internet sport of scam the scammer. I have one Barrister friend, whose IP tracks to Ghana, that has been after money from my aliased pen friend for 21 months (two years in October). It can be fun, once you get them hooked.

Mobinga
Mobinga

This actually makes me feel better as a Nigerian. Great write-up.

lmac1947
lmac1947

I like to pretend to go along with them using phony info. Then, when "they" are hooked, I let them waste a lot of time and energy before telling them to go to hell. I know, I waste a little of my own time, but I like to f*** with the bastards. lmac

Bhollyhock
Bhollyhock

I received a gazillion e-mails from all over the place. Even though I deleted them constantly, the deluge continued. On one occassion, I received one that said that I inherited millions from a distant (and unknown) relative who had no one else to leave it to, and if I would supply my banking information, they would begin the transfer process. I e-mailed back and told them how grateful I was that money would be coming my way because my 8-year old daughter needed life-saving surgery that my insurance wouldn't pay for; and God bless them for suppying such a miracle. Needless to say, I didn't hear anything back for a l-o-n-g time. Might be time to invent another sick baby, as these seem to be on the rise again! I'm thinking dying sister with three disabled children. . .

EzeXpl01t
EzeXpl01t

Does this mean I am NOT going to get my $29,000,000.00 from my late uncle Ishibob in Nigeria which I have never heard of?!?! D@mn it ... sigh

sean10
sean10

After years of nigerian lotteries and russian brides it appears some scammers are resorting to more creative storytelling methods... http://blog.eset.ie/ (possibly nsfw, no pics or vids though)

bryangb
bryangb

Just because the scam email originates from elsewhere, that doesn't mean it's not a Nigerian fraud. There's plenty of Nigerians and other West Africans living in - and operating scams out of - Europe. The sister of a Manila-based acquaintance was ripped off by West Africans living in London, so the scam email - and the online chats that followed - originated in the UK, but the money was routed through Standard Chartered Bank in Nigeria. There's also been newspaper reports of Amsterdam and (I think) Paris police closing down West African scam operations in their cities.

kwickset
kwickset

As far as the money scams go they more or less indicate that the allegedly huge amounts have been illegally obtained. Go for it at your own risk such as becoming an accessory and accomplice at the very least. Apart from that: why on earth would someone pick on me for such transactions? Two proverbs come to mind (forgot the authors, but they are actually well known): There is a sucker born every minute Never give a sucker an even break Another website detailing a real professional scam still ongoing http://ipta-info.com/

Deadly Ernest
Deadly Ernest

more modern Russian bride scammers who send out the emails that read along the lines of: I have seen your profile and would like to get to know you better. Here is picture me. Please reply soon. They seem to be more prevalent amongst the spam I get now, than the 419s are. Ernest

scratchmb5
scratchmb5

Yes, it is true that Nigeria and several west African countries has its share of corruption and dodgy officials, lawyers, and such I think that if people were simply better educated about the common sense of legalities instead of thinking with their greed it would be easy to read through a scam. First rule is corrupt government or not, they are not about to let vast amounts of money leave their country into foreign hands. Unclaimed monies, are tied up and secured until proof of ownership can be established, then such funds become property of the coffers of the government. Lawyers and bankers do not have legal access to such monies. Charities can claim monies but only if it was decreed by last will and testimony. In North America if we get caught in the scheme of such crimes we could go to prison for life. In other countries, they would not be so kind and said crimes could be punishable by death. Simple common sense, if it is genuine, they you should never have to pay a penny. If such a thing were true they would send you airline tickets, traveling expenses, hotel reservations, and there would be no fees. Guardians of estates are always reimbursed by the estate after you clear all legal documents and paid out by the estate. Then you will have to deal with the taxation of the government of the country you are leaving and then the taxation of your government when you return. After all is said and done, you might be able to afford a nice dinner at your favorite restaurant.

agogodavid
agogodavid

I have sung to as many people that care to listen... I have worked actively in IT in Nigeria for the past 4 years and got on the internet at about the time when the 419 craze started - The cohort right before me were the ones who perpetrated most of the cybercrime and glorified 419 in music and culture. They are simply not as sophisticated as they are made out to be. The ones who are successful do so from gut instinct and the luck of finding people greedy and gullible enough. That is not to excuse them in anyway though. http://www.quora.com/Why-do-so-many-wire-fraud-scams-originate-in-Nigeria http://agogodavid.com/2011/01/why-nigeria-is-unfairly-labelled-as-the-global-seat-of-cybercrime/

djp64
djp64

The SPAM email is likely coming from any one of millions of computers around the world infected with a bot. You can't tell the location of the originator by the IP address of the bot.

l_e_cox
l_e_cox

Not because of its details, but because it addresses the subject of criminality for real. Though the upper echelons of society today seem engulfed in criminality, the subject is hardly ever seriously discussed in the media. A common theory of why this subject is so neglected is that the media are controlled by criminals! But the IT community still has enough integrity to occasionally explore this topic. Look at how devious the criminal mind can be: When your cover story gets blown, you still use it in order to locate the people who never heard that it was just a cover story! Anyway, it's good to see someone still willing to devote some column-inches to this subject. If the planet is to survive, we will all eventually need to confront and understand the phenomenon of criminal thought.

jeasterlingtech
jeasterlingtech

i must get a dozen of these types of scams a day, sometimes i delete a bunch read a normal email then go back to my spam box and delete another hand full. if Nigeria had half the money they offered me they would be among the richest nations in the world the only one i have answered in the past few months (i use to send huge text files to them when i had access to a T3 line) was one claiming to be a FBI supervisor and if i didn't send them my info they would arrest me i spell checked their document (worse spelling then mine) and told them that if they sent me anything i would forward that message to FBIs cyber crime unit and since then those disappeared from my spam box

hdrob@cox.net
hdrob@cox.net

I got an interesting variant which did not imply that it was from a Nigerian, but from the FBI "Intelligence Unit"(?). It seems they are holding a box of money (USD$10.5M), addressed to me, which they intercepted at DFW airport and can not release it to me until a certain document (Diplomatic Immunity Seal of Delivery Certificate (DISDC),) is provided. Appropriate warnings, invoking the US Patriot Act Section 314a and Section 314b about making any inquiries other than by reply email. I have this email currently in my PHISHING mailbox and have not yet had the time to forward to appropriate investigatory agencies (FBI, Secret Service, or others, (any suggestions?)). Like most of us, I could use $10.5M, and hate to allow all this money be confiscated for non-action, but I have been busy.

ed
ed

I received an email from a friend (I'm her computer consultant--pet nerd, as it were) that included the text of a Nigerian 419 email. Her worry was that she wouldn't be able to get documentation so she could pay the taxes. Fortunately, her concerns as a responsible citizen (US) had kept her from responding until she contacted me to verify it was okay. Regrettably, it gets dull at that point as I explained what was being attempted. Not sure I ever would have guessed that wanting to be a good citizen would protect somebody from a scam.

akilt7
akilt7

Great Quote: Situations that are not what they seem fascinate me. The question now becomes; was this underlying deception in place initially or is it part of an evolutionary process? In this case, one should look at Africa from a world and 'so-called" historical view....

jemorris
jemorris

Was back in the mid 90's on a yahoo account I still use. I thought it sounded awfully odd so I did a little research and came up with numerous warnings about these emails. So I just ignored them for a while. This was well before yahoo had implemented junk mail controls. All of the ones I was getting were coming from the same address but occasionally had different "reply to" addresses. The frequency at which I was getting them had increased dramatically to at least one or two a week, so I replied back to one finally. One of the things the emails insisted was "all this transfer of funds was completely legal!" I told the reply-to address that it was NOT legal, that it was considered money laundering and on domestic cases was investigated by the FBI and on international cases by the Secret Service plus I was going to forward their emails to the Secret Service (I didn't it was just a bluff). I never got another email from that address and it was at least 6 months before I got any similar types of emails. Here's a site that has a series of videos of a victim and some efforts to recover some of what was lost. This woman was naive enough to fall for it and may give you some understanding of the how and why?!?! http://www.stophcommerce.com/

mowder
mowder

It seems to be rather time-consuming once you have found a naive mark. Hours of phone calls in order to prove bona fides usually preclude the participation of anyone who has anything better to do. Perhaps it's indicative of just how economically desperate many skilled Americans have become that they would use their knowledge to cheat other Americans, as opposed to using their powers for good.

rm
rm

Back when I was growing up in the 1950's Mexico or other South American countries were the location of choice. These scams seem to me to all be variations on the "Spanish Prisoner" scam - with gold mines replaced by funds of dubious origin. As I recall the original con had a prisoner languishing in a jail somewhere. There was an incomplete treasure map and only the prisoner knew the final details of location. So the mark had to supply money to bribe the guards to let the prisoner out. After that would come the "expedition expenses". The mark might insist on going or having a relative go on the expedition, in which case more money could be spent on ransom, etc.

Deadly Ernest
Deadly Ernest

to send it to you - NSC - Nigerian Scam Dollars.

hdrob@cox.net
hdrob@cox.net

"You can't cheat an honest man." -- origin unknown, title of a movie by W.C. Fields. 1939

Michael Kassner
Michael Kassner

Appreciate the links. I enjoyed your blog site. Best of luck in your studies. And I live in Minnesota, we have been enjoying the Northern Lights as well.

Michael Kassner
Michael Kassner

That applies to the initial introduction email. Afterwards, I would suggest it is relatively accurate.

Michael Kassner
Michael Kassner

419 has been around along time, I suspect main-stream media is busy with elections and such. The tech media covered Cormac's paper nicely. I just took a deeper look and expanded on spots I felt they overlooked.

Michael Kassner
Michael Kassner

The Secret Service says not to respond as then they know there is a live body at that address. I'm not sure if that is effective or not. Overloading the scammers would make their system fall apart. So, that's an effective countermeasure.

Michael Kassner
Michael Kassner

I used to direct people to the US Secret service website, but they know say this: "If you have received an e-mail or fax from someone you do not know requesting your assistance in a financial transaction, such as the transfer of a large sum of money into an account, or claiming you are the next of kin to an wealthy person who has died, or the winner of some obscure lottery, DO NOT respond. These requests are typically sent through public servers via a generic "spammed" e-mail message. Usually, the sender does not yet know your personal e-mail address and is depending on you to respond. Once you reply, even to tell them you are not interested, they will often continue to e-mail you in an attempt to harass or intimidate you. If you receive an unsolicited e-mail of this nature, the best course is to simply delete the message. The Federal Trade Commission's web site has a mechanism for reporting unsolicited commercial e-mail (spam) at http://www.ftc.gov/bcp/conline/edcams/spam/report.html."

Michael Kassner
Michael Kassner

I have been looking back and to be honest, I have obtained my history from member comments than what I've found. It's been wonderful learning from you the members.

Michael Kassner
Michael Kassner

And the link. I did not know about that particular website

Michael Kassner
Michael Kassner

I am searching for a time line. I'd like to know when a particular area started sending 419 email.

ftr
ftr

was first linked to the Spanish Civil War its relation in the 1950s to Mexico might make sens as quite a lot of Spanish refugees left for Mexico. But this would mean that Spanish created the scam which is not for sure

Michael Kassner
Michael Kassner

I had forgotten about that. Didn't make the connection either. Thanks.

agogodavid
agogodavid

Lucky you. Witnessing that is definitely on my bucket list. :)

l_e_cox
l_e_cox

Probably because it's off the mainstream radar. Yes, mainstream gets "busy." But that doesn't mean it should tell us only what someone else tells them to tell us (they have admitted to this openly). The recent shooting is a study in deception, but does the mainstream pick up on that? One small mention from Fox in Cincinnati. You also have the limitation that the tech media deals with workability. If a product didn't work, and the tech media kept reporting that it did, things wouldn't go so well for the tech media. By avoiding questions of workability, the mainstream media can offer us stories that are in fact totally fabricated.

djp64
djp64

Any successfully delivered emails would be assumed to be delivered to a live body. No response necessary. Besides, they are only interested in responses which make you appear to be a viable target.

rm
rm

If I recall correctly, there was a Reader's Digest book on frauds, scams & cons in the 1950's that used the phrase "Spanish Prisoner", but the con itself was probably used by adventurers trying to milk money from the nobility under the guise of rescuing some Crusader captured by the infidels who found the location of the head of John the Baptist (there are enough bones claiming to be from him floating around Europe to fill up a catacomb) just before he was captured in combat. Two other big cons I remember from the book: In the early days of radio broadcasting Dr. Ruth Drown performed psychic healing by telephone on her radio show and "Goat Gland Brinkley" who used radio advertising to promote his sexual rejuvination processes for men. Sound familiar? We have a friend who believes every word from her telephone connected psychic healer.

Michael Kassner
Michael Kassner

It would be interesting to be able to look back in 50 years to what is happening now.

Michael Kassner
Michael Kassner

As mentioned in the article. And knowing whether an email is delivered or not isn't a for sure thing.

Michael Kassner
Michael Kassner

I may have to get it. I dread going on Amazon. I never walk away with only one book.

rm
rm

Reader's Digest Scoundrels & Scalawags 51 Stories of the Most Fascinating Characters of Hoax & Fraud from 1968 I think it also includes the Radium water dispenser :-) BTW - this forum not tops a Google search - LOL

Michael Kassner
Michael Kassner

I'm old, but those are even a bit before my time. Thanks for sharing.