Hacker Newsnew | comments | show | ask | jobs | submit login
Compromised Keylogger-aaS exposes network of Nigerian 419 scammers (krebsonsecurity.com)
66 points by pain_perdu 604 days ago | 11 comments



I'm a Nigerian studying for a PhD in the UK.

Confidence scams have always been a problem even for other Nigerians. We tend to be very suspicious of people on average.

A couple of years back my father, who teaches at a Nigerian university, got a call from his head of department who was in Europe at the time. He needed help clearing some important items that were being held by customs who were demanding payment to release a moderately valuable shipment into the country while he was away.

My dad was put in contact with an agent who requested some money to sort things out. At first, it was a token amount, but things escalated gradually to the point where he was considering "borrowing" money from both my sister and myself (we were both on scholarships while at university). My sister was home at the time and grew suspicious from the outset but my dad was totally convinced that the voice was authentic and that the caller simply knew too much. It was actually offensive for my sister to presume that he was that naive.

Fortunately, he fought the need to save face by not disappointing his boss in a crisis and told the agent that he couldn't send any more money. The numbers were disconnected immediately afterwards and his Head of department had no idea what he was talking about when he eventually returned. He didn't push the matter any further as it would be embarrassing to admit that he was conned.

This was a well calibrated psychological attack designed to take advantage of his personality and reputation as a man that can be relied on. It also preyed on his need to maintain his social standing among his peers. He had nothing to gain from this other than gratitude and an appeal to greed would have set off red flags immediately.

My conclusion was that this was probably engineered by some students who knew them both fairly well.

419 scams are fairly common in Nigeria and you become a target if you are perceived to be wealthy or recently come into some money. The "Yahoo boys" are ridiculous though because they are fairly easy to spot and are only marginally literate. It is part of a foreign condescending attitude to assume that that level of poor presentation is an acceptable standard for an educated Nigerian. Most of us think people who are scammed are suckers but it's an evolutionary game and some of the scammers are really efficient predators.

-----


> "The "Yahoo boys" are ridiculous though because they are fairly easy to spot and are only marginally literate. It is part of a foreign condescending attitude to assume that that level of poor presentation is an acceptable standard for an educated Nigerian. Most of us think people who are scammed are suckers but it's an evolutionary game and some of the scammers are really efficient predators."

My understanding is that the poor grammar in classic 419 spam emails is at least sometimes intentional. Only stupid uninformed people will fall for something that has all the traditional hallmarks of a scam (spelling errors, ALL CAPS, poor grammar), and those are the only people that the scammers want to invest time in.

-----


There was actually a publication on this by Microsoft! Basically, the idea is to make the e-mail look as terrible as possible to:

>By sending an email that repels all but the most gullible the scammer gets the most promising marks to self-select, and tilts the true to false positive ratio in his favor.

https://research.microsoft.com/pubs/167719/WhyFromNigeria.pd...

-----


That's also why there are many references to religion in those texts. Religious people have self-selected for being gullible and acting on belief rather than on facts and so are presumably easier to prey on. For the scammers this is part of their cost/benefit analysis, if they have lower hanging fruit to pluck they'll definitely concentrate their efforts there.

-----


Indeed, "God will oversee this transaction and make sure everything goes smoothly for us faithful." Ka-Ching.

-----


That's also a good reason why anyone receiving this kind of mail should engage chatting with them for the fun, so that scammers get flooded and can't find their victims.

-----


So instead of just putting it in spam folder, we should have AI try to impersonate a human that is getting stringed along for a scam. It's both an opportunity for passing tuning test and making scammers not be able to ever find a real target.

-----


“Another level of this is referred to as ‘Yahoo Plus Plus,’ which…. involves the use of human parts and may need kidnapping other human beings for rituals, which is not necessary in ‘‘Yahoo Plus.’’ In Yahoo Plus Plus, the use of things such as their finger nails, rings, carrying of corpses, making incision on their body, sleeping in the cemetery, citing of incantation, using of their fingers for rituals, and having sex with ghosts are common. A few of the informants, however, denied that they use voodoo in the business, whereas others affirmed their use of voodoo.”

I wonder what Yahoo's stance on Yahoo Plus Plus is.

-----


A comment on the article from the site:

  Chris Thomas
  September 9, 2013 at 5:44 am
  A wonderful insight about some aspects of male African culture. Phew!
As someone whose parents & wife were born & raised in Lagos, Nigeria... I just want to say 419scams are not at all part of the the "male African culture"(whatever that means). They are just scammers, like scammers you'd find anywhere else.

-----


I think in general if anyone mentions "African culture" as if it's one single thing, you can safely assume they don't have a clue.

-----


Comments on the internet ...

-----




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact

Search: