
Why 'Nigerian Scammers' Say They're From Nigeria - neya
http://research.microsoft.com/pubs/167719/WhyFromNigeria.pdf
======
antimora
I suppose it boils down to this "By sending an email that repels all but the
most gullible the scammer gets the most promising marks to self-select, and
tilts the true to false positive ratio in his favor."

~~~
s_kilk
It seems so obvious now but I never realised this on my own. I suppose the
take-away lesson is that there is an art to even the most (seemingly) hare-
brained schemes.

~~~
jonah
I can't see that they'd continue doing it if they didn't get _some_ sort of
result.

At the least, a very small number of valid email addresses, an even smaller
number of postal mailing addresses, and a vanishingly small number of
financial interactions.

~~~
kamjam
It's like all those stupid adverts you see on TV for mega-extreme-fitness-
workout or call-meet-super-sexy-local-girl. Always wondered who would actually
but this rubbish or call those stupid premium rate numbers, but the very fact
there are so many of them must mean someone does!

~~~
larrys
"for mega-extreme-fitness-workout or call-meet-super-sexy-local-girl"

That's actually a little different. When people are desperate they are willing
to go with emotion instead of rationality. That's why they travel overseas for
miracle cures even though rationally what they are doing doesn't make any
sense at all.

[http://abcnews.go.com/Health/Primetime/story?id=482292&p...](http://abcnews.go.com/Health/Primetime/story?id=482292&page=1#.T-IP_RztD2s)

There is also the greed factor which is somewhat similar and why people go for
"to good to be true" things if the price is low enough.

There is a blogger who I will not name that has chosen to go with godaddy $9
hosting for his quite popular blog (he used to pay $100 for a VPS or something
like that) and he truly believes that gd will give him unlimited everything at
that price point just because that's what the site says. While he is not
particularly savvy in terms of hosting and technical things (by his own
admission) his greed (if I can call it that) makes him overlook and ignore the
obvious.

I'm sure someone can point out the exact psych principles that are involved
here.

~~~
xamuel
Those ridiculously too-good-to-be-true hosting deals are awesome if you've got
a blog that nobody ever reads. The instant one of your posts goes viral,
expect your page to be unceremoniously shut down with no call or email to you.
Which is of course the worst possible time for it to be shut down-- while it's
on front pages of social aggregators and such.

Source: personal experience (Bluehost, not GoDaddy)

------
OoTheNigerian
At first glance, the conclusion of the paper seems very intelligently
plausible however I believe understanding such reasons will be more accurate
from qualitative rather than quantitative research.

It should me noted that the particular format of scam discussed in this paper
(the templates/models are called formats) is along the line of inheritance and
criminal government officials. However, it does not address other formats such
as lottery/employment/relationship scams to mention a few.

This 'reason' given in the conclusion might be one data point but far from
being 'The reason' Why Scammers Say They are from Nigeria.

Thanks submitter for putting the quotation marks around Nigerian scammers
because I did not see anywhere in the article that certified the letters
calming to be from Nigeria were actually from Nigeria.

A final note: Scams (including those originating from Nigeria/by Nigerians)
are of international dimensions; therefore assuming a scam would have to be
unraveled eventually since the money MUST be eventually sent to Nigeria is
false. Therefore there is no compulsion to always eliminate those that are
_false positives_ to the word Nigeria. Other false positives can be used
without eliminating the very same people all the time.

TL;DR

The answer to the 'research question' would be more accurate/inclusive if got
form a qualitative method than quantitative.

~~~
larrys
"qualitative rather than quantitative research"

"This 'reason' given in the conclusion might be one data point but far from
being 'The reason' Why Scammers Say They are from Nigeria."

Agree. There is certainly no discussion of any conversations with actual
scammers to see if that is the reason they do what they do or what they are
thinking. And as far as copycat crimes go, it would make sense that someone
would mimick an existing ubiquitous scheme rather than coming up with an
entirely new and unique location in the world. Most people who kill themselves
of course choose a method that they've heard other people use and it is well
known that there are crime waves that start with a single incident. Lastly
there is no data available to show what happens if you don't choose nigeria as
your location to back any of this highly academic analysis up.

Of course this paper and analysis could be used with many things. Take dating
for example. Is it better to go on a first date dressed to the nines or
dressed at 70% (arbitrarily picked to prove a point) your best dressed look? I
could take that and get someone to write a paper which shows that you have a
higher chance of getting married if you dress at 70% on your first date since
you will weed out many people that aren't attracted to your average looks. But
the fact that I can present an academic paper showing that doesn't make the
fact true without something more to back it up.

~~~
scalable
A date has a non-zero cost. If you want to weed, do it earlier. Say something
embarrassing on your online dating profile maybe? Then, when the selection is
done, you go into seduction mode at the date.

------
mqzaidi
I don't think the conclusion is correct. First, I have seen mails from
Pakistani, Iranian and North Korean scammers as well.

I think the hackers challenge is to present a story that is credible enough.
Claiming to be from a country that is perceived to be mismanaged and corrupt
by the target audience helps. Linking it to some real event such as some real
coup makes it even more credible. But finally, once someone gullible enough
follows up - if you have a nigerian accent or ask them to mail to a nigerian
account, claiming to be from some other place will make maintaining that
credibility very difficult. I believe that is primarily why nigerian scammers
pretend to be Nigerian, and Iranian scammers pretend to be Iranian.

~~~
polemic
[http://thobbs.github.com/blog/2012/06/17/you-should-
downvote...](http://thobbs.github.com/blog/2012/06/17/you-should-downvote-
anecdotes/)

~~~
raganwald
If you want to downvote it, go ahead, use whatever reasoning pleases you. But
please be careful about quoting a post calling on others to downvote.
Campaigning for upvotes or downvotes is frowned upon, it breaks the entire
premise of "The wisdom of the HN crowd."

If you feel this person's anecdote is not helpful, it miht be better to reason
against it directly rather than engaging in meta-debate. You risk re-opening a
debate about that post rather than the current topoc.

------
bambax
Fascinating article. I wonder if this is always true though:

> _We consider a population of N users, which contains M viable targets. By
> viable we mean that these targets always yield a net proﬁt of G when
> attacked, while non-viable targets yield nothing. Each attack costs C; thus
> attacking a non-viable target generates a loss of C_

This supposes that the viability of targets is boolean: you're either gullible
or you're not. But isn't it possible that targets' viability (or profit
potential) is a function of the sophistication of the attack?

~~~
brudgers
I believe it is a mistake to see the victims of cons as unsophisticated. Or
rather, doing so makes one more susceptible to being taken - consider how
Madoff operated.

I watched a coworker send money to Nigeria once for a Teacup Yorkie - $900 for
a pedigreed dog including air transport seemed like proof of the victim's
internet shopping savvy and unsolicited warnings from the workplace were
ignored.

What was amazing was how well the scammer read the victim. The dog was to
board a 10 am flight and arrive in ATL at 2:30. The email arrived at about
10:15 notifying the victim that another $400 was needed for customs but that
the dog could still make the flight.

Two of us working hard managed to convince the victim not to send the money -
I think that the possibility of a dog flying from Nigeria to a baggage
carousel in Atlanta in three hours finally made it through the filter. But it
was a close call.

The victim was a savvy college graduate with a good job which required a lot
of responsibility and hard knuckle negotiations with contractors and vendors
on a regular basis. The attacker was extremely sophisticated in their pitch.
It's why the victim trusted them and didn't verify anything.

~~~
saraid216
> I believe it is a mistake to see the victims of cons as unsophisticated. Or
> rather, doing so makes one more susceptible to being taken - consider how
> Madoff operated.

Exactly. There's so much social stigma attached to being a scam victim that it
literally disables one of our defenses: self-doubt.

------
gojomo
This also helps explain why so many scam/phish messages have blatant
spelling/grammatical/formatting errors.

~~~
ableal
They may also be trying to evade spam filters.

Anyway, I find the title of section 3.2 rather fetching: _"If attacking
everyone is not profitable slope must be greater than unity"_

Take that,
[http://en.wikipedia.org/wiki/List_of_ships_of_the_Culture_se...](http://en.wikipedia.org/wiki/List_of_ships_of_the_Culture_setting)

------
ShabbyDoo
How much "noise" in terms of false leads must the world create to make scams
like these unprofitable? Would it be sufficient to mine a spam filter and
auto-respond en masse with various canned responses? How about a site which
facilitates scam baiting, sans the hand-carved 80's era computers and other
extremes of 419eater? It could be positioned as entertainment and a public
service rolled-up in one. Want a break at work? Check-in on your currently
active scams and send out some email. The site would link-up to
gmail/hotmail/whatever accounts you create (to avoid TOS issues) and use
Twilio to facilitate anonymous phone calls. It would be like a virtual
customer service/call center application. There would be suspense, intrigue,
and surprise. How will the authors of this piece of spam attempt to con me?

~~~
shrub
Sounds like fun! Where do I sign up?

I actually spent more than an hour on the phone with some of the call-you-up-
because-you've-won-something-but-you-can't-have-it-unless-you-give-us-money
scams once. I repeatedly gave them a bogus credit card number and insisted it
ought to work. I got passed from person to person and was asked with varying
degrees of politeness and barely suppressed aggravation to repeat the number
backwards and forwards, and was I sure it hadn't expired, and did I possibly
have another credit card, etc.. I was very polite and cheerful, agreeing
graciously with every request to be put on hold or transferred. Hold times are
great to get the giggles under control.

When the last guy they transferred to me asked if I was toying with them (I'm
pretty sure I covered my giggle with a decent enough cough, but maybe not), I
asked him if I could phone my bank to find out what the problem was and call
him back. Out of the question, of course. I asked if I could check with my
bank and if they'd please call me back in 10 minutes. He agreed, but I never
called my bank and he never called back.

What I wish I had got in there somewhere was something like "it really ought
to work, I used it yesterday to pay for postage on a parcel from Nigeria."

------
a1k0n
That may all be true, but in my experience working at a very large webmail
provider, the vast, vast majority of phishing attempts (not just 419 scams,
but also really terrible attempts to get passwords to email accounts from
which to launch more 419 scams) came from Nigeria, Benin, and Côte d'Ivoire
IPs.

------
taejo
When I did some scambaiting, most of the scammers claimed to be Ivorean.

~~~
vidarh
I don't really think that makes any difference to the point made.

The overall idea is that it is helpful for them to present an image that less
gullible people will immediately write off as a scam, so as to reduce the
responses to a set of people that are gullible enough to be profitable to
pursue.

The ideal scenario for these people is to be busy all the time dealing with
the most gullible potential victims rather than chasing people who will balk
at sending them money. Any more responses than they can deal with, and they'd
be better off filtering out more of the less gullible people by making their
initial approach more likely to send poor targets running.

Presenting themselves as Nigerian is one way of increasing the odds of
triggering alarm bells with the less gullible people, but by no means the only
alternative.

There's also every reason to assume that a reasonable number of scammers are
simply clueless and try these scams because they _think_ they'll make money,
not because they've actually found a method that is viable for them, so you'd
expect to see a reasonable chunk of scammers that don't do the optimal thing
anyway.

------
Rexxar
It would be interesting to create false mail accounts with a bot that reply
automatically to these mails in order to increase their false positive and
render this sort of scams unworkable.

~~~
dspillett
Wouldn't work.

If malicious types didn't find a way to circumvent your code such that they
could use you as a relay for their junk, they would at least be able to use
your auto-responder to try DoS or joe-job someone else (potentially leaving
you with a large bandwidth bill and a collection of explaining/apologising to
do).

------
ShabbyDoo
I've often been surprised by how silly the "Russian girl coming to the US"
genre of spam sounds when reading it. "Oh, I decided to come to America, found
you randomly on the 'net somewhere, and decided that I'd like to meet you."
Like the Nigerian scammers, these folks want to induce selection bias toward a
population of men who will suspend disbelief and do almost anything in a
futile attempt to meet a girl. It would be interesting to respond to such spam
in a way which suggests relatively low motivation and see how the scammers
respond. Send a casually-shot photo of a reasonably attractive man and claim
it to be yourself. Perhaps a photo of such a man with a reasonably attractive
woman who quite plausibly could be an ex girlfriend. The idea is to imply that
you have options for forming relationships beyond relying on a Russian woman's
successful journey to the US. [The scam apparently involves asking for money
to pay for unexpected airline fees, etc. -- pay the money, and the girl will
be here soon] Then, for contrast, send a photo of an ugly man and compare the
scammers' responses.

~~~
jeltz
A problem with that study is that they may be used to victims of the scam
sending false photos of themselves too.

------
markessien
I think they are wrong. Those email scams are "old school" in the sense that
they worked back when people were not really familiar with the internet or
scams and lots of scammers got rich from that. The ones still being sent are
probably earning just a trickle of money from these (since it's so obvious,
and the pool of people who will fall for this is rapidly shrinking).

The scam has evolved into other forms, for example, the variant where a decent
looking guy on a dating website communicates with an older foreign woman for
months, before he then goes somewhere where he is "kidnapped" by terrorists
and they need a few thousands to release him, or where he cannot pay his bills
because he lost his wallet.

The scammers are like people creating viruses - they are evolving, becoming
more subtle and adapting to the internet. The mass email thing is a known
exploit, and I doubt it is profitable for them anymore.

~~~
dagw
These scams are "old school" in the sense that they've been around for several
hundred years (Google for Spanish prisoner con).

------
techinsidr
Markus Jakobsson and Kim-Kwang Raymond Choo did an interesting experiment on
this -- and their conclusion? Yes, these scammers really are usually from
Nigeria.

<http://www.securityweek.com/are-nigerian-scams-nigeria>

------
ricefield
Since no one else has posted it, here's a relevant Quora thread:
[http://www.quora.com/Scams/Why-are-email-scams-written-in-
br...](http://www.quora.com/Scams/Why-are-email-scams-written-in-broken-
English)

------
lmkg
While the topic of this paper is Nigerian scammers, the model that it builds
is much more general. At heart, it's a quantitative cost-benefit model of
filtering attacks, vs launching unsuccessful attacks. This model can explain
quite a lot of things. For example, it can model the viability frivolous
lawsuits, including IP extortion (patent trolling). From that, you could
extract how expensive filing (or losing) a lawsuit needs to be in order to put
the breaks on patent trolling as an industry.

------
holdenc
I have often thought the same logic applies to why display ads work better on
low-brow, pedestrian websites. If your website caters to smart people, good
luck getting clicks. If you are pof.com then you are already attracting the
kind of person who is not discriminating in their internet browsing
experience, and they may click on the ads.

------
ddalex_ro
So, the paper argues that we all should reply to these scams, in order to make
economically infeasible for the attacker to promote this kind of attack -
drawn them in noise.

On the other hand, increasing noise will lead to even more sophisticated
attacks and increasingly cunning attackers - evolutionary pressure in action.

What to do ?

------
mayneack
Cache:
[http://webcache.googleusercontent.com/search?q=cache:http://...](http://webcache.googleusercontent.com/search?q=cache:http://research.microsoft.com/pubs/167719/WhyFromNigeria.pdf)

------
cpg
Ha! I chuckled at a Microsoft Research minion citing a Google completion as
evidence that Nigeria is a synonym with scams: "“Nigerian Scam” is one of five
suggested auto-completes in a Google search for “Nigeria”"

------
pella
more research paper from WEIS2012 ( Information Security Workshop -
econinfosec.org )

<http://news.ycombinator.com/item?id=4136417>

------
chris123
Will be interesting when the crowdfunding floodgates open.

------
its_so_on
In other words: always claim to have a fifty billion dollar market. You'll get
a higher response rate from gullible VC's, and people who would try to invest
at a multiple of your earnings will filter themselves out ;-)

~~~
wmf
In related news, I hear crowdfunding is now legal. I'm a part-time single
founder without an idea working a four-hour work week targeting a 1% slice of
a massive market... anybody want to invest?

------
Tloewald
In my opinion this also explains a lot of religions.

~~~
nanijoe
How in your opinion does this explain religion? The mechanism by which people
get into religion is very very different from the stuff the original article
is talking about.

~~~
damoncali
I think the parent means that religions are created with outlandish claims
(resurrection, xenu, miracles, immaculate conception etc) in an effort to weed
out critical thinkers (trouble makers).

~~~
saraid216
Funny story. I became a believer (after growing up doubtful in church) when I
came up with what I felt was a plausible theory for God. I stopped being one
when I got bored of the intellectual starvation in church.

~~~
damoncali
I've always believed that spirituality cannot survive in a church, but that's
a discussion for another place entirely.

