We designed and performed an experiment that allows us to take the pulse of Nigerian scammers. Are the scammers really from Nigeria, you may ask? What do they want, and how do they get it? What are their strengths, and what are their weaknesses? Are they at the peak of their success, or should we fear that they can become dramatically better at what they are doing? What can organizations do to secure themselves and their users?
Here is the experiment we designed, in a nutshell.
Imagine a camera that sells for $750 new, and I offer one for sale on Craigslist for $250. Only used for a few weeks, in perfect condition. Good deal, right? But what if I instead were to ask $750 (or more) for it used? Not so hot, you might say. It makes more sense for you to buy it in the store. You would not bother contacting me.
But fraudsters would.
They may contact me and ask to buy it – even at a premium. They will tell me where to ship it, and they will send me a payment. Or rather: something that looks like a payment to a would-be victim, who would not realize that it really was not a payment until after the camera was shipped.
We used that approach to “filter away” everybody but fraudsters. Then we interacted with them, as a “normal” victim might, and recorded what happened. We learnt that most of them are indeed in Nigeria. They do not use technically “advanced” tricks like email spoofing, as most phishers would. And many of them were bullies, which must mean that bullying is a winning strategy! Read more about our findings.