I have written before about the Nigerian 419 scams (see here, here, and here). These are the ones that, in the most common variant, ask you to help in the recovery of a large sum of money that has been hidden or no is claiming and for your help you get a pretty significant cut.
I am pretty certain that all the readers of this blog have received similar appeals. I am also certain that all of us have been struck by the sheer crudeness of the messages that make them seem such obvious scams that only an idiot would fall for, and asked ourselves why they don’t try to make it at least a little more sophisticated so that they have a better chance at success.
It turns out that a computer scientist at Microsoft named Cormac Herley, who works on combating computer hacking, tried to think like a scammer, did a cost-benefit analysis and realized that this crudeness is a feature, not a bug. In his paper titled Why do Nigerian Scammers Say They are from Nigeria?, he posed the question:
Why so little imagination? Why don’t Nigerian scammers claim to be from Turkey, or Portugal or Switzer- land or New Jersey? Stupidity is an unsatisfactory answer: the scam requires skill in manipulation, considerable inventiveness and mastery of a language that is non-native for a majority of Nigerians. It would seem odd that after lying about his gender, stolen millions, corrupt officials, wicked in-laws, near-death escapes and secret safety deposit boxes that it would fail to occur to the scammer to lie also about his location.
The answer is that the obviousness of the scam is a way of increasing the signal-to-noise ratio of the responses. It is similar to the strategy that computer hackers use.
Here’s the explanation in a nutshell. It does not cost the scammers much to send out mass emails. What is costly is the time and effort to reel in a sucker once they have initially responded to the bait. That can be a time-consuming process, involving as it does customized interactions over an extended period of time. As Christopher F. Chabris and Daniel Simons write in The Wall Street Journal, it took scammers about six months to extract $80,000 from a middle-aged New England psychotherapist.
So what the scammers want to do is weed out right from the start those people who initially respond but are unlikely to send them money. In other words, they need to reduce the number of false positive signals and one way to do that is with a fairly obvious message. Herley writes:
The most profitable strategy requires accurately distinguishing viable from non-viable users, and balancing the relative costs of true and false positives. We show that as victim density decreases the fraction of viable users than can be profitably attacked drops dramatically. For example, a 10× reduction in density can produce a 1000× reduction in the number of victims found. At very low victim densities the attacker faces a seemingly intractable Catch-22: unless he can distinguish viable from non-viable users with great accuracy the attacker cannot find enough victims to be profitable. However, only by finding large numbers of victims can he learn how to accurately distinguish the two.
Finally, this approach suggests an answer to the question in the title. Far-fetched tales of West African riches strike most as comical. Our analysis suggests that is an advantage to the attacker, not a disadvantage. Since his attack has a low density of victims the Nigerian scammer has an over-riding need to reduce false positives. By sending an email that repels all but the most gullible the scammer gets the most promising marks to self-select, and tilts the true to false positive ratio in his favor.
It is a strategy that seems to be working. The cost to victims went up from an estimated $6.3 billion in 2008 to $9.3 billion in 2009. I find that figure stunning. Can there be that many gullible people and if they are so easily separated from their money, how come they still have so much money to give to these scammers? In an interview on On the Media, Simon says that some of the victims of such scams are big law firms whom you would think would know better. But since they routinely act as intermediaries for other people and wire large sums of money to foreign banks at the request of clients they don’t know personally, their guard is lowered.
How can this fraud be combated? Most of us try to increase awareness of the con by spreading the word to everyone we know not to fall for it. But that actually works in the scammers favor since the people who do respond are likely real suckers. Chabris and Simon suggest that a better way would be for as many people as possible to pretend, at least for a short while, to fall for the scam but not send money, thus increasing the number of expensive false positives the scammers have to deal with.
We need not go as far as one counter-spammer who managed to actually get money from the scammers, in addition to getting them to take photographs of themselves in silly poses. It is a hilarious story but it is probably not a good idea to go that far since these people are criminals.