Thu, May 23, 2013

What I've Learned

If you have an email account, you have probably gotten mail from a stranger in Nigeria.

In 2008, I wrote about Advance Fee Fraud, known as 419 (four one nine) fraud after the section of the Nigerian penal code that covers such schemes. I have an interesting update.

First, a quick review: The classic 419 scam is the fund transfer, which typically starts with an email or a fax or a letter. The writer is looking, he says, for a reputable person or business into whose bank account he can deposit a large sum of money that he is trying to get out of his home country – usually, Nigeria.

The person identifies himself as a senior civil servant. Explanations of how he came to possess the money – amounts tend to range from 10 to 60 million dollars – vary. It is money from a former regime, for example. The individual is now in temporary control of the funds and must transfer them out of the country or else lose them.

If you will kindly assist by letting the person put the money in your account, he'll reward you with a percentage, often as high as 30 percent.

After a number of correspondences to work out details of the transfer – during which the victim becomes more and more convinced that he or she is about to become a millionaire – a "complication" arises.

There is a tax that must be paid, or a bank fee, or an official that must be bribed to complete the transaction. Access to the money is not possible, the scammer says, until it is transferred, and it can't be transferred until the tax or fee or bribe is paid.

So if the victim would kindly pay the fee, he can easily be reimbursed once the millions are transferred.

Once the person pays the requested amount – ranging from a few hundred to thousands of dollars – that's the last they hear from the scammer. Also, as part of the process, the scammer gets the victim's bank account information.

It seems odd, doesn't it, that the scammers are so clumsy in their approach. After all, even small-town columnists such as I write about Nigerian fraudsters and can explain how the fraud works. Seems like the senders of those emails would at least have sense enough to change the name of the country.

The scammers, it turns out, are not as stupid as we think. Recently, a Microsoft researcher, Cormac Herley, wrote a paper called “Why do Nigerian Scammers Say They are from Nigeria?” He concludes that these scam emails are clumsy and easily detectable for a reason.

"Since gullibility is unobservable, the best strategy is to get those who possess this quality to self-identify," Herley said.

It costs the scammer next to nothing to send out the emails. The time and effort come when there are responses. To be profitable, the scammer needs to avoid false positives – people who respond, but can't be scammed. Herley put it this way:

"Viability requires that the scammer actually extract money from the victim: those who are fooled for a while, but then figure it out, or who balk at the last hurdle are precisely the expensive false positives that the scammer must deter."

The scammers have no time for false positives. They want genuine dodos who will actually scrape together some money to pay the supposed tax, fee, or bribe, hoping to collect millions in return.

The emails are purposely designed to filter out the 99.975 percent of us (I made that number up) who can see right through them, and to capture the attention of the minuscule number of people who will probably, despite everything, fall for the scam.

Search for Herley's paper online for a technical but interesting read.

Copyright 2013 Sun Media Group