Why Nigerian Email Scams Work

Transcript

Friday, November 01, 2013

BROOKE GLADSTONE:  Last year, Cormac Herley of Microsoft Research wrote a paper called, “Why Do Nigerian Scammers Say They’re From Nigeria?” We spoke to Daniel Simons, who wrote about the paper for the Wall Street Journal.

DANIEL SIMONS:  Well, what Cormac Herley did was envisioned what the scam would be like from the scammer’s perspective, and he applied a mathematical tool called signal detection theory to take a look at why it might benefit the scammers to send messages that were so obviously spam. The interesting insight is that what the spammers need to do is filter out people who aren’t gullible enough. They need to filter out the people who might respond but wouldn’t, in the end, send him any money.

  [BROOKE LAUGHS]

It takes the scammers quite a bit of time and effort to reel in the suckers. They have to send repeated emails, they have to prolong the scam, making them become more and more comfortable with the idea of wiring large amounts of money to them, and try and limit their time and effort to those people who are most likely to give them money. So one of the best ways to do that is to make the scam obvious enough that anybody who has any ounce of skepticism won’t participate. Signal detection originally was applied to hearing, right? So can you detect that very faint beep, when you go for a hearing test? If your hearing were perfect, you’d say, “Yeah, I heard the beep” every time there was a beep, and you’d say, “No, there was no beep” every time there wasn’t a beep. But it turns out we tend to sometimes think that something is present when it’s not, and we sometimes miss something when it’s actually there.

BROOKE GLADSTONE:  And so, in the case of these scammers?

DANIEL SIMONS:  The gullible people are the beeps, right? And all the people who respond but never send them money –

  [BROOKE LAUGHS]

– they’re the absence of a beep, that they think is a beep. They don’t care about beeps that they don’t hear because they can send out millions of emails and if they miss a few targets, so what. What they want to make sure they do is eliminate those cases where they think they’ve got a sucker and they don’t.

BROOKE GLADSTONE:  So how many people are falling prey?

DANIEL SIMONS:  There’s been at least one analysis by a Dutch security firm called Ultrascan that estimates that these advanced fee scams, scams where they try and get you to send some money - in 2009 the estimate was 9.3 billion, and it’s increasing.

BROOKE GLADSTONE:  In 2008, it was 6.3, so that’s a, what, a 50 percent increase.

DANIEL SIMONS:  Yeah, it’s a pretty big increase. And the scammers are actually getting more sophisticated. There was a recent article in the Wall Street Journal about targeting lawyers, law firms –

BROOKE GLADSTONE:  Mm-hmm.

DANIEL SIMONS:  — with this sort of an advanced fee scam. It’s an interesting approach because law firms are used to dealing with potential clients over the Internet, and they often act as an intermediary between a client and a larger company that needs to pay them. And these law firms that are sending money are gullible. They’re not thinking twice about why they’re wiring half a million dollars to Hong Kong. They’re not thinking twice about checking whether this cashier’s check is legitimate, or they’re not thinking carefully, from the scammer’s perspective, about how they could pull off the scam. They call the number that was provided by the client, rather than calling the bank directly.

So these scams are targeting people who maybe are going to be less skeptical because it is exactly the sort of thing they deal with on a day-to-day basis.

BROOKE GLADSTONE:  There have been a lot of efforts to counter these scams, you know, educating people, tweaking software that can filter or detect the scams, but you and Mr. Herley suggest that the solution is actually counterintuitive.

DANIEL SIMONS:  Yeah. You might think that the best way to avoid these scams is to educate people, so that they don’t fall prey to them. And you don’t want somebody in your company to fall for the scam. The best thing you can do is educate them so that they don’t respond to these emails.

But if you want to stop the scammers more broadly, the interesting approach you can take is to reverse the process, increase the noise for them. And it’s called scam baiting, where you respond as if you’re going to play along, and then you play along as long as you can, but don’t actually send in money.

BROOKE GLADSTONE:  So I have to assume that eventually the Nigerian prince scams are going to go away because every single person will know that - it’s phony. I have to assume that’s why all those penis enlargement ads are no longer in my mailbox.

DANIEL SIMONS:  [LAUGHS] The scam won’t necessarily go away. There are always going to be some gullible people who are new to the Internet, who haven’t really heard of this particular scam before. That’s, actually, a very effective technique for them because it filters out the people who are aware of the scam, and the only people who are going to respond are the people who are unaware of it, and there always are going to be some of them.

  [MUSIC UP & UNDER]

BROOKE GLADSTONE:  Daniel, thank you so much.

DANIEL SIMONS:  Sure thing, my pleasure.

BROOKE GLADSTONE:  Daniel Simons is a professor in the Department of Psychology and the Beckman Institute for Advanced Science and Technology at the University of Illinois.

Guests:

Daniel Simons

Hosted by:

Brooke Gladstone