July 18, 2012

You may be Surprise too receive this letterfrom me. . .

Ran Mosessco Principal Security Researcher

You've almost certainly received an email similar to the one below. 


Despite being well-known and transparent, the Nigerian email scam (also known as the 419 scam, a reference to the article of the Nigerian Criminal Code that such activities violate) retains its place on the list of top ten internet/email scams for 2012, and still results in millions of dollars of financial loss--and sometimes worse--for its victims. We've already blogged about a particularly amusing example caught in one of our honeypots, and a variant that adds phishing to the risks. 

How does an obvious fraud continue to reel people in? And since the scammers want to find a likely mark and make some easy money, shouldn't they use a more credible and plausible email as bait? 

Recent research from Microsoft suggests that email messages full of misspellings, grammar mistakes, and outrageous stories may actually work in the scammers' favor. Although it may appear counter-intuitive, the more implausible the bait, the better the scammer's chances of actually collecting some money.

Of course, most people will immediately delete an email like the one shown here (which includes an ironic warning against email scams), leaving the less savvy as easy prey, which is exactly what the scammers are looking for. The reason is that every reply costs the scammer effort: each respondent has to be strung along through a lengthy exchange before any money changes hands, and a respondent who grows suspicious and drops out halfway is wasted work. An absurd story weeds out the skeptical and cautious before they ever reply, reducing the pool of respondents to those who are most likely to produce revenue. Because the scam and its Nigerian connection are so well known, there are even reports that non-Nigerian scammers claim to be Nigerian--again, a means of weeding out the suspicious and homing in on the easy to fleece. Like legitimate businesses, scammers are looking to optimize their operations, and don't want to waste time on unproductive activities.
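The filtering argument can be made concrete with a small model of the scammer's economics. The Python below is an added illustration for this post; it is not code from the original article or from the Microsoft research it cites. Everything in it is a constructed assumption: the recipient pool (most people skeptical, a few easy marks), the rule that a recipient replies only if their gullibility clears a bar set by the story's plausibility, the rule that the chance of actually paying rises steeply with gullibility, and the per-reply cost and payout figures. Under those assumptions, a fully credible story draws a thousand replies and loses money, while an absurd one draws twenty replies and turns the best profit.

```python
"""Toy economics of the 'implausible bait' effect.

Added illustration, not from the original post or the Microsoft paper it cites.
All numbers are constructed assumptions chosen to make the mechanism visible.
"""
from dataclasses import dataclass

# Constructed recipient pool: gullibility score in [0, 1] -> number of recipients
# with that score. Most people are skeptical; a handful are easy marks.
POOL = {0.05: 900, 0.50: 80, 0.95: 20}


@dataclass(frozen=True)
class Bait:
    plausibility: float    # 0.0 = absurd story, 1.0 = fully credible (assumption)
    cost_per_reply: float  # scammer's effort spent on each person who writes back
    payout: float          # what a victim who goes all the way eventually pays


def replies(bait: Bait, g: float) -> bool:
    # Assumption: a recipient writes back only if their gullibility clears the
    # bar set by the story. A credible story lowers the bar; an absurd one raises it.
    return g >= 1.0 - bait.plausibility


def pays(g: float) -> float:
    # Assumption: the chance that a replier follows through to payment rises
    # steeply with gullibility, so skeptics who bite still mostly drop out.
    return g ** 4


def run_campaign(bait: Bait, pool: dict = POOL) -> dict:
    """Expected outcome of one mailing against the pool (deterministic: uses
    expected values rather than random draws)."""
    repliers = {g: n for g, n in pool.items() if replies(bait, g)}
    n_replies = sum(repliers.values())
    expected_payers = sum(n * pays(g) for g, n in repliers.items())
    revenue = expected_payers * bait.payout
    cost = n_replies * bait.cost_per_reply
    return {
        "replies": n_replies,
        "expected_payers": expected_payers,
        # share of the correspondence spent on people who will never pay
        "wasted_replies": 1.0 - expected_payers / n_replies if n_replies else 0.0,
        "profit": revenue - cost,
    }


def best_plausibility(options, cost_per_reply=100.0, payout=1000.0, pool=POOL) -> float:
    """Plausibility level among `options` that maximises the scammer's profit."""
    return max(
        options,
        key=lambda p: run_campaign(Bait(p, cost_per_reply, payout), pool)["profit"],
    )


if __name__ == "__main__":
    for p in (1.0, 0.9, 0.2):
        r = run_campaign(Bait(p, cost_per_reply=100.0, payout=1000.0))
        print(f"plausibility {p:.1f}: {r['replies']:5d} replies, "
              f"{r['expected_payers']:6.2f} expected payers, "
              f"{r['wasted_replies']:.0%} of replies wasted, "
              f"profit {r['profit']:10.2f}")
    print("most profitable bait:", best_plausibility((1.0, 0.9, 0.2)))
```

The model is crude, but it shows the trade-off the paragraph describes: the credible story maximises replies, the absurd story maximises the fraction of replies that turn into payments, and once each reply has a cost, the second matters more than the first.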


Scambaiters are out to make them do just that, and look ridiculous into the bargain. One site dedicated to this "cybersport" explains the game: "You enter into a dialogue with scammers, simply to waste their time and resources. Whilst you are doing this, you will be helping to keep the scammers away from real potential victims and [messing] around with the minds of deserving thieves." 

In addition, the site notes:

"For the most part these criminals are not 'poor people trying to scratch a living', but are indeed very prosperous compared to their law-abiding countrymen, and many operate in highly organised and highly successful criminal gangs.  Millions of dollars are stolen on a DAILY basis, with absolutely no thought given to victims, who are losing vast amounts of money, homes, relatives, jobs and worse."


Scambaiters pose as potential victims and lead scammers in a merry dance. Some pretend to misunderstand the scammer's instructions, leading to repeated communications from increasingly frustrated scammers, while others send receipts for non-existent airline tickets to prove they are on their way to Africa with the money. Their only concern now is recognizing their contact at the airport arrivals hall. "Could you kindly send a photo of yourself holding a sign with my name [insert name with humorous or indelicate double meaning] to ensure we are able to meet?" They can and they do.

If you're thinking that the scammers' tales of woe sound like Victorian melodrama, you wouldn't be far off. Snail mail variants of the scam predate the internet by almost 200 years, dating back to the 18th and 19th centuries. Nostalgic for the good old days? In July 2012, police in Spain busted an old-fashioned lottery scam run by post that had claimed over 500 victims since the beginning of the year, which means that not having an email address is no guarantee of protection.


Websense customers are protected by our Advanced Classification Engine (ACE). Of course, a healthy dose of common sense helps, too.



Ran Mosessco

Principal Security Researcher
