One thing I have been wanting to do for a long time about Nigerian like scams, but never got around doing it, was the following:
1. create some bait email accounts from gmail, yahoo, and so on, and expose them somewhere on internet so they get harvested by scammers.
2. write a dumb program that is able to do some primitive parsing of the emails from the scammers, and reply to them. For example, let's say the email from the scammer is:
Dear friend,
I am the widow of the former Prime Minister of Nigeria and I need your help to get out of Nigeria where my life is threatened, along with the $50M currently in my bank account. If you help me I am willing to give you 30% of that money, please reply me to see how we can proceed.
Regards,
Mrs Mary Noscam
The program would have just to reply something like:
Dear Mary,
I am very interested to help you, how can I help you to get out of Nigeria?
Regards,
Mr John Victim.
The point would be to make the scammer spend 10 minutes to read the reply and answer to it. After couple of emails, he will probably realize that he has been wasting his time with a bot, and just move on, but with lots of emails responding, he will have much less time to deal with actual victims, making his time worthless. I think writing a bot that is able to reply to the scammer is quite doable, since:
1. There are example of bots having actual conversation, such as SHRDLU (http://en.wikipedia.org/wiki/SHRDLU) that was recently submitted here.
2. The answer doesn't have to be very elaborate.
Now I think I got blocked by the fact of having to make the bot be able to receive and send emails... maybe I will start that project some day...
I can't remember what the website is exactly and I am currently at work now so I won't be able to google it up but there was a person that use to do this except that he didn't use a bot but "bait" the scammers himself.
It is utterly hilarious. What he does is he replies to a "scam email" and most of the scammers will do anything once they see an actual human being replying to their spam email. He obviously leads them on and his signature move is to always try to get the scammer to post a picture of themselves with a card held up (for verification purposes of course) and the cards usually say stupid things like "ilikebukake". He collates all the emails, replies, pictures, etc and puts it up on the internet.
When I get home later, I will try and dig that site up.
I think you're taking about http://www.419eater.com
Yeah, my idea would be to automate what they are doing. It won't be able to do the crazy stuff people came out with though, but it will be able to "reach" much more scammers.
I use to think it was funny messing with people from poor countries who participated in activities that wasted our time for little $ benefit to themselves but not so much any more.
Humiliating other humans beings for enjoyment isn't a great trait to encourage.
These sites are also, whether that say they 'aren't' or not, are racist on some level.
I'm sure there are some real a@#holes participating and running these scams but often the people on the ground are just human beings who have no other way to earn money.
> I'm sure there are some real a@#holes participating and running these scams
I'd say that all of them are arseholes. The ones running the scams are not the local poor - they are poor relative to us in the west, but not in local economy they are relatively powerful. They are the local criminal hot-shots.
>but often the people on the ground are just human beings who have no other way to earn money
This is the problem. The above people use the poor(er) in their area as cannon fodder. When a 419eater story shows someone in a massively embarrassing situation that is not the scammer, it is some local fool that the scammer has somehow scammed (or forced) into playing the game. Yes they have wasted the scammer's time, but that is not the scammer being humiliated in those pictures.
> I'm sure there are some real a@#holes participating and running these scams but often the people on the ground are just human beings who have no other way to earn money.
So the bot is probably a better idea than targeted humiliation. Making crime quietly unprofitable is a good thing.
(You can help with Nigerian development, eg by giving to Doctors without Borders or other approaches.)
Wait, what? No thoer way to earn money? These are common thieves looking for victims to rob them out of as much money as they can. People with skill, a PC, access to the internet and good social skills.
These sites are also, whether that say they 'aren't' or not, are racist on some level.
I'm sure there are some real a@#holes participating and running these scams but often the people on the ground are just human beings who have no other way to earn money.
I would actually consider it racist to assume that people from a certain country are incapable of telling right from wrong in earning a livelihood. India, for example, has (surprisingly) a far smaller GDP per capita than Nigeria, and despite India having a reputation for being an IT hub, one seldom hears about online scams being perpetrated by Indians. The same goes for many other poor countries whose citizens don't resort to online scamming.
However it could lead to an arms race. What if the scammers start to write bots that parse the answers until there is a substantial progress in the scam? We would end up with machine small talk and the overall level of spam traffic would skyrocket…
The complexity/frequency ratio (As in, complexity of the bot over frequency of spam) seems a little low to spend time writing something like this. A manual solution would probably be better.
Not really, the goal is to have lots of emails responding to the scammers, so they don't know who to pay attention to, so that's hard to have a manual process for that (and there's already 419eaters).
As I commented elsewhere in the topic, this runs the risk that the scammers themselves start to use bots to parse and analyze the responses, yielding to a net increase in spam traffic, although no human would read the messages.
Yes, but then the scam business would be less profitable for them since they would have to buy or build those bots to analyze answer. Plus it could create some kind of war on automated conversation bot which would be a net win for the AI in general.
I think it's better if nobody benefits from there being scammers. Otherwise those under pay via mehanical turk may be tempted to pose as (or become) scammers themselves
As a point of interest: Nigerian scam letters predate the internet. In the eighties and nineties, colleagues in the oil and gas industry, and I, received frequent postal letters, postmarked Nigeria. One memorable one I received from a high official in the Nigerian National Petroleum Company, requested I keep his proposal a secret so "that my image may not be dented." We assumed they combed the Oil and Gas Directory, or the Geophysical Directory, to obtain our names. Perhaps these original, truly Nigerian scams, were less sophisticated than the later Internet imitators, since targeting technical professionals isn't targeting the dumbest of the dumb. Or, the rich veins they mined were not yet depleted.
>these original, truly Nigerian scams, were less sophisticated than the later Internet imitators, since targeting technical professionals isn't targeting the dumbest of the dumb.
On the contrary, the scam you describe look much more elaborated than current ones since they got your real peraonal info. Besides technical professionals seem like a great target for scams, since they likely have more money than the average and they are probably not as hard to scam as you might think, given that even a harvard professor fell victim to a 419er http://www.theregister.co.uk/2004/03/31/harvard_prof_scams/
Including typos in the spam messages falls in this same category. If seeing typos in an "official communication" triggers your alarm bells then you probably would not fall for whatever scamola it's a part of. It'd be in their interests to get you to drop off early.
I imagine there still needs to be some balance though. There's likely a set of people who may fall for the scam even if it's ridiculous, but if made slightly more ridiculous they suddenly would become more suspicious.
This reminds me of a lot of malware like fake AVs and ransomware - very poor spelling and grammar throughout (E.g. "You Computer Is Infected!!!" comes up often.) Although in that case, it might actually be the extent of their English skills since most of this tends to come from non-native-English countries like the far East.
Opportunity cost. If you can devote a few hours a day to each of, say, three gullible marks, you have a much greater chance of a payout than devoting a minute to each of 500 random marks.
That's referring to the time that the scammer needs if the recipient falls for their bait and initiates contact.
You only want the truly gullible to send that first email, or it would be a waste of time for the scammer to talk to all the people who wouldn't wire transfer their money a few days/weeks later.
Right, all contact after the first email has to be tailored to their responses. Even gullible marks usually need hours or days (at minimum) of building rapport before they're actually comfortable enough to be conned into executing a transaction. If conning people into directly handing you cash were automatable like phishing, you'd see a lot more con artists and a lot less of other crimes.
The initial contact is 'en masse', but the followups are all by hand. Time spent by the scammer to respond to potential marks is, in fact, a scarce resource.
Sending out the initial spams is very automated (and so cheap), but if you respond, they probably have a human handling than (maybe with templates, but still under human control), which isn't nearly as cheap, so they want to avoid wasting time on insufficiently-gullible responders.
This is precisely the point of the linked paper. Maximizing people who are initially attracted to the scam is NOT the best strategy for scammers, because most will likely be rejected at a later point, when it's costlier to the scammers.
The best strategy for scammers is to reject everyone but the most gullible targets as early as possible. Obvious typos would be suitable for this.
It's like how they say certain intro classes for majors are difficult to weed out students who would eventually drop out if they reached harder classes. The logic there is students aren't wasting their time taking classes they won't use when they switch majors, and the classes won't be filled up before students who will make it all the way can enroll.
This way the scammer isn't doing a back and forth for 2-3 emails with those who would eventually realize its a scam. They immediately weed them out so they are spending time on those who will payoff.
Interesting Study. There is also a related question addressed on Quora (circa 2010), on why these scams almost always originate from Nigeria and not else where. The geo-political reasons are quite interesting too http://www.quora.com/Why-do-so-many-wire-fraud-scams-origina...
I am writing an article about the "art" of business writing, where I use this analysis to refute the usual consulting wisdom of making everything simple to grasp, even if that means taking things out of context. My argument is that sophisticated meaningful writing on difficult concepts acts as filter to identify the readers (and potential business relationships) that will be more willing to pursue visionary projects and supportive of different approaches. In this domain, you do not need or want to address the whole market, just the businesses that want to lead. Individuals who take the time to read and understand or comment, emit signals of active and insightful engagement.
Interestingly, I've seen the same argument applied as a refutation to the traditional argument that dating site profiles should be kept short and simple. Perhaps it's applicable to writing in general.
Definitely it applies to all kinds of writing, where a feedback loop is desirable, in order to establish a communication channel. In this class, the only thing specific to business writing, is that you try to establish a communication channel with a view to building a business relationship. Nevertheless, I believe there are types of writing where feedback is not desirable. When I write poetry for example, I would rather not hear from anyone who has read something I wrote.
you're using ocam's razor a little too fine. The abstract actually said they want the "dumbest" of "dumb" people. Since the Nigerian scams are so well-known, only the truly gullibles will fall for their schemes, and those are the ones the scammers want. Their reputations works as a victim filtering system to their advantage.
They reached the same conclusion and in that case, I can believe it's correct because those ads cost money, so must bring in more revenue, or they'd have stopped a long time ago.
In the case of 419 scams, a large proportion of the scammers may not be that sophisticated. It's entirely possible they really are just as dumb and incapable of spelling as a naive layperson would assume. The fact that "scam baiting" is a thing provides some evidence of that, although it's likely that many of those reports are fake as well.
>In the case of 419 scams, a large proportion of the scammers may not be that sophisticated. It's entirely possible they really are just as dumb and incapable of spelling as a naive layperson would assume. The fact that "scam baiting" is a thing provides some evidence of that, although it's likely that many of those reports are fake as well.
Could be a case of evolutionary dynamics at play in the system. IF the typos mattered, then dumb scammers would have been weeded out.
Conversely, if typos help, then this phenomenon may actually have encouraged dumb scammers and weeded out literate ones that never thought to misspell.
To get a sense of how big a problem this is - americans reportedly had to recover 2 Billion USD* as a result of nigerian scams in 2013 alone, followed by China at $1750M, UK at $1210M and India at $870M.
What % of that was recovered is unknown.
Any team recovering even a small percentage of this makes it a fine acquisition target for the biggest banks in the world for a solution that works.
time saved in prevention of fraud; is time saved for banks not handling fraud, angry customers or hiring lawyers or training staff.
Expect one team applying to YC, trying to tackle this problem.
Given that non-productive responses (false positives) are harmful to the scammers, one can think of spamming them with false positive responses as well, right?
Is anyone else bothered by Figure 8, where the researcher assumes that seraches of "Nigeria" would auto-produce "Nigeria Scam"....which is not always the case, due to google personalizing seraches, (eg. if you search nigeria scams for information, you will likely autoproduce that as an auto-complete)
"Figure 8: Google search offering “Nigerian
Scam” as an auto-complete suggestions for the
string “Nigeria”.
" As per caption
Ultimatly the figure isn't a big deal.....idk, maybe i'm wrong..
I can't help wondering what percentage of the victims of the vanilla "Nigerian scam" over the internet are in developing countries nowadays where lawyers and bankers generally do use free webmail accounts for their correspondence, sending and receiving money via Western Union is quite normal, and requests for funds to bribe an official barely raise an eyebrow.
Don't get too comfortable with that thought. At least a few years ago, plenty of victims came from developed countries such as the US and the UK. My guess is that it's caused by a combination of extreme gullibility and greed, and has little to do with the development level of your country.