Discussion on:

The truth behind those Nigerian 419 scammers

Nigerian scams are older than email. They were faxes and before that aerogrammes. When they arrived on paper, they had Nigerian stamps and postmarks.

Perchance do you have an example? I've never seen one that required a physical stamp.

Google images "paper Nigerian letter" You could have also used Snopes.

http://www.pacificnorthwestcoastbias.com/letters-of-note-missive-from-tanzania/

I get one 419 scam attempt a week on average, and none of the recent ones mentioned Nigeria. Singapore, China, Hong Kong, UK and a few others.

Seems to me, Nigerians summarily declared me a non-viable target, but haven't notified their foreign subsidiaries yet.

Thanks for the article, and for detailing the scam. Don't think I've seen a more in-depth review of it.

When you say they are from different countries, is that in the email body or the header?

In the body... "I am such and such party official of the Communist Party of China and need to quickly transfer the party purse to the US for safekeeping..."

Perchance, did you look at the header?

Just got one from "Mrs.Judi Alim from United Kingdom", came from mail.carpathia.gov.ua.

The only problem I see is that we aren't sure where the email came from. The .UA address could have been a subverted computer in a botnet. The only way I know to positively tell is through using something like a keylogger.

"The only way I know to positively tell is through using something like a keylogger."

Could you elaborate on that please? E.g. (1) somehow install a keylogger on a botnet zombie, (2) use it to figure out the C&C server physical location?

(Sorry for being dense :))

Thanks Michael for the pointer to Cormac's paper. It is extremely interesting and explains the tradeoff that an attacker has between getting high true positive while reducing false positive because in this case each false positive bears a cost.
Once you have read and understood the maths (typical classification stuff), you understand that the mere fact to be so blatantly a scam is a excellent classification tool that skims out the most gullible thus drastically reducing the potential number of false positives. Would it be less visible that it was a scam, more non gullible people would answer and generate a cost because after a while they would drop the interaction.
Really a very interesting paper to read (requiring only a reasonable math background).

The scam operated out of Spain during the early 1900s - It was known as 'The Spanish Prisoner' and involved heart-rending letters to the wealthy from prisoners taken by one side or the other in the Spanish civil war.
It pre-dates the Internet and it will still be around when the letters come from the the slave pens on a planet orbiting Alpha Centauri.

nt

I did not know that. I guess the scammers have had a long time to iron out the bugs of this type of fraud.

Perhaps an email from someone with an Iraqi or Turkish address, claiming to represent the son of a local tribal leader held in Guantanamo for 10 years as his family starves?

Excellent hint. Thanks.

I always laugh when people tell me that technology started with the Internet, that, for the first time, we now ...

Continuing your historical line I guess there were no telegraph scams as telegramms were quite expensive, and the fax, letter, or email scams are all based on the fact that communications costs nearly nothing.

And that they are a one-to-many asynchronous communication : the scammer can send numerous messages to many receivers and does not need to be present to answer, like with a phone call.

If this is true then there should be no sms, chat, or VoIP call scams. Is this the case ?

Pretty surprising, I have to say, but it certainly makes sense.

For the last couple of months, I'm running a website (a crossword puzzle dictionary) for a hobby, to familiarize myself with Drupal & Linux, and to gain some experience. Maybe, if I got enough traffic, I'll start to show Google Ads or something.

Despite of having Alexa rank of ~25,500,000, is my little website already getting a visit of a forum spambot every day or two. Dictionary attacks on SSH port are incessant. Funny thing is, that the origin is pretty evenly distributed around the world. For the most part, it comes from China, with France, US, UK, and Romania not far behind. Oh, and Russia too, but not much. As far as I can tell, the world distribution of hackers & spammers is about the same as your article says it is.

In the early 1990s, my boss and I fell victim to one of these scams. The bounty: $25M. It was via snail mail and faxes, all directly from Nigeria. We faxed docs over there also. After several months and multiple communications, we agreed to meet in a neutral place (London, England). I traveled, met one of their reps who, I believe, thought I was not worth their time and effort, and never saw him or heard back from them again. I invested time and money (mostly for the faxes), but my reward was to visit Europe on expenses paid mostly by my boss!

And, I am glad the outcome was a happy one.

I always wonder about the people that do respond to the scam. I've collected about a hundred variations on the 419 scam and pretty much every one of them involves misrepresentation and falsehoods on the part of the person that responds and gets suckered in. Of course the sender always says this is completely legal and safe, but at the same time is asking you to identify yourself as next of kin or the like when obviously you aren't. To succeed the scammer has to rely upon not only the gullibility of the person they are scamming, but also the greed and willingness to deceive of the scamee. There is a part of me that feels pity for the person sucked into the scam, but then I also realize that in a way they are as willing to deceive and lie as the scammer.

My wife and I were almost of victim of this type of scam. However it wasn't for business like this per say.
A few years ago we were looking to rent a house in our city and went on craigslist. Yes I know scam heaven. There was a posting for a house owned by a doctor that traveled. Think of it like doctors with borders. The house was a decent size,we were able to drive past it. Almost everything in the add checked out. It wasn't until we had an actual phone conversation that things started to sound fishy. In the process of getting to know you new landlord I asked a few questions that someone in the medical field would know about. Board numbers etc. After a 15 minute round table of discussions they call was suddenly dropped. After further research we found out the real owner of the houses name and informed him of the scam taking place with his property. It turns out the house was actually up for rent but he was a local doctor and had never traveled overseas. This scam almost cost my family thousands of dollars. Although we wound up renting the house from the actual doctor well lets just say I think maybe dealing with his Nigerian doppelganger may have been a better deal.

... but interesting none-the-less. I've thought about renting a house very recently and have just begun looking. I'll be careful.

There are multiple ways this scam would work, particularly if the owner lives a significant distance away from property.

It is a good reminder to be vigilant at all times. I was impressed that you knew to quiz the person. I doubt that I would have.

Hello Micheal,

Another interesting take on this sorely vexing issue of scams (from Nigeria and Nigerians). The obvious truth is that "things are not always what the seem". The fact that an email claims to be from a Nigerian fraudster does not mean it originates from Nigeria.

I am particularly glad some people are doing a lot of research on this issue: their findings )like this ones) will help a long way in eliminating the strange and often time lazy excuses of many western firms for not selling products and services to potential customers from Nigeria.

Scammers are selling "products" and in this web-centric world you could be anything and anywhere selling whatever to whosoever, so we should be very wary of stereotyping.

Amazon.com please take note!

Regards

Most know of the Nigeria scams, which have been going on forever. Anyone who responds to one of those emails is truly naive and therefore potentially a good target. So it's a way to filter down the responses.

Take the time to read the paper linked in this article and you will see that what we all need to do is create false positives for the scammers. Doing that wastes so much of their resources that they decrease their scams.

I can't believe people still fall for these scams. A good rule of thumb is if it sounds too good to be true then it's a scam. I'd like to know the thought process involved in thinking that by putting up some amount of money that they will be receiving a larger amount from their Nigerian pen pal.

I am not sure if the researchers looked at the number of Internet users that actually use non-Nigeria ISPs in Nigeria as it relates to the originating email countries?

If so, the researchers were using IP2Location (my third slide) to hone in on locations inside countries.

factors. I went through a heck of a lot of the Nigerian scam emails back in the mid to late 1990s, and even got involved with one to see how far I could string it out without having to commit to anything - seven long international phone calls received was how far it went. All the emails and phone calls I received were from Nigeria then. However, at that time there was a move afoot by them to have the meets organised in Spain, for reasons i never did get straight.

Edit to add - I wonder how many of the non-Nigerian addresses are being sent from bot infected systems?

I received an email, supposedly,from an Ontario, Canada couple who won the lottery and were giving most of the money away. The email included a link to the article stating such. Pulling the message header I found the ISP was from Europe while the spammer (couple) stated that they had moved to the US. When I asked about the descrepancy they ignored me. That caused me to stop answering their questions (no personal information had been passed to them yet) and ask why a European ISP. This got them SO mad that they told me to stop emailing them.

On another one, I decided to drag one scammer on for a ride. It was through my Hotmail account. After emails and calls, through a remotely located VoIP phone, his only recourse was to threaten me with reporting me to my city's police department. Yea. Right.

However over the last 6 months the scammer emails have dropped significantly.

Once you started a conversation with the person, did the IP address of the send email address in the header remain the same?

It mostly showed as Nigera. However he mentioned he was taking a trip to France and at that time the IP address changed to an ISP there.

I deleted all emails but do remember bits and pieces.

Back when I was growing up in the 1950's Mexico or other South American countries were the location of choice. These scams seem to me to all be variations on the "Spanish Prisoner" scam - with gold mines replaced by funds of dubious origin.

As I recall the original con had a prisoner languishing in a jail somewhere. There was an incomplete treasure map and only the prisoner knew the final details of location. So the mark had to supply money to bribe the guards to let the prisoner out. After that would come the "expedition expenses". The mark might insist on going or having a relative go on the expedition, in which case more money could be spent on ransom, etc.