Do you find e-mail pleas for help from the widow of Democratic Republic of the Congo strongman Mobutu Sese Seko unconvincing or downright silly? That may be the point, according to Microsoft researcher Cormac Herley.
The outlandish claims of Nigerian Letter – or “419″ – scams serve a critical purpose: separating the skeptics from the suckers. That’s the conclusion of a new paper published by Microsoft Research and scheduled to be presented on June 25th at the Workshop on the Economics of Information Security (WEIS) 2012 Conference in Berlin, Germany.
The paper, “Why do Nigerian Scammers Say They are from Nigeria?” (PDF) by researcher Cormac Herley analyzes the methods that online scammers use to navigate around a common problem in any detection program: false positives.
In the context of online scams, a “false positive” is any individual who is attacked, but yields nothing to the attacker.
As the density of potential victims decreases, Herley observes, the share of them that can be profitably attacked plummets. That leaves scammers in a Catch-22: only by targeting large numbers of potential victims can scammers find enough viable targets to make a profit. But the incremental cost of running 419 scams makes it unprofitable to target a large number of potential victims. That is, unless the attackers have an easy (and cheap) way to distinguish between the suckers and the non-suckers.
And that’s where “Nigeria” comes in. Basing the attack on an absolutely absurd and unbelievable premise (i.e. far-fetched stories of West African riches) is, according to Herley, an advantage to the attacker.
“By sending an email that repels all but the most gullible the scammer gets the most promising marks to self-select, and tilts the true to false positive ratio in his favor.”
Herley is the principle researcher at Microsoft’s machine learning department. The work on Nigerian scams isn’t his first try at parsing the economics of fraud. His past research has debunked industry claims about the size of the underground economy and the utility of cybercrime surveys, among other topics. You can read more on the WEIS 2012 conference Web site here.