Sunday, August 12, 2012

HOW TO BEAT THE SCAMMERS


Why We Should Scam the Scammers
How can we stop those ubiquitous Nigerian ploys and other flimflams? Look at it from the perps' perspective
Reply to their scam emails and waste as much of their time as you can


If you type "Nigerian" into Google, one of the top suggestions for completing the phrase is "scam." We all get them: unsolicited emails promising us a share of some lost fortune sequestered in an obscure place, if only we will help the rightful owner recover it. The "help" usually consists of transferring money to someone you don't know, most commonly in Nigeria or another African country. And, of course, the vast payout never materializes.
It should be a familiar story. In 2006, the New Yorker ran a piece about a New England psychotherapist in his 50s who was contacted by one "Captain Joshua Mbote" to help recover $55 million. He ended up losing $80,000—and, as the scam also involved cashing checks and passing on some of the funds, was sentenced to two years in prison for bank fraud and other crimes. According to Dutch firm Ultrascan, victims of these so-called advance-fee scams lost $9.3 billion in 2009, up from $6.3 billion the year before.
Make them dream about the money they hope to scam from you before you turn tire-kicker
So why do the scammers persist in blanketing the world with outlandish propositions, announcing that they are from the very country whose name has become synonymous with online fraud?
Cormac Herley, a computer scientist at Microsoft Research who specializes in security issues, provides a convincing answer in a paper presented at a conference in Berlin and recently published on his website. In it, he analyzes the con mathematically, using an approach called signal detection theory. His crucial insight is to look at the situation not from the victim's point of view but from that of the scammers. Their challenge is to hook only people who will get sucked in deeply enough to send a significant amount of money—the "true positives." They must minimize the effort they devote to "false positives" (targets who might seem like dupes but are suspicious and/or never pay up).
It costs the scammers virtually nothing to spam the world, but it costs them a lot (especially in terms of time) to conduct all the follow-ups necessary to reel a sucker all the way in. The people behind "Captain Mbote" spent six months pursuing their quarry before he started wiring money to them.
A proposal offering a more realistic scenario might generate more replies, but most of them wouldn't pan out. The effort of sorting through them to find the real suckers would undermine the scheme's profitability. Instead, by screaming "This is another absurd instance of the familiar Nigerian scam," the fraudsters are filtering out what to them is spam—responses from suspicious people they don't want to deal with—and "letting through" only those most likely to play along. The fewer potential victims in the world, the more precisely the scammers must target them, and thus the more absurd and easy-to-spot the attacks should be.
The Nigerian scammers aren't alone in using this approach. Phishing attacks, like the urgent emails from the "IT Support Team" requesting our passwords to avert some Internet calamity, are so hackneyed that they likely ensnare only the extremely naive or credulous.
Mr. Herley's analysis of the Nigerian scam suggests a counterintuitive way to fight back. Most efforts to reduce Internet fraud focus on reducing the number of people who reply to scammers—by educating users or by filtering out the scam emails. But some attacks inevitably slip through, and some Internet neophytes inevitably fall prey.
A more effective solution, Mr. Herley suggests, would require considering the goal of the scammers. Increasing the number of responses to their emails, he shows, can reduce profits, as long as those responses come from people who never send money. Such "scam baiters" already exist (the community website "419 Eater," named after the Nigerian law that governs fraud, offers tips and support). The more scam baiters, the lower the average return to the scammers on each attack and the less incentive they have to continue the scam.
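The trade-off described above can be put in numbers with a small signal-detection model. This is an added example, not code from Mr. Herley's paper or the original article; the equal-variance normal score model, the parameter values, and the assumption that baiters reply at the same rate as real victims are all illustrative assumptions.

```python
import math

def tail(z):
    """P(Z > z) for a standard normal Z."""
    return 0.5 * math.erfc(z / math.sqrt(2))

def profit(t, d, G, C, mu, b=0.0):
    """Expected return per e-mail recipient when only replies scoring above t are pursued.

    d  fraction of recipients who are viable victims (scores ~ N(mu, 1))
    b  fraction who are baiters: they reply like victims but never pay
    G  net gain from one victim; C  cost of pursuing one non-payer
    Everyone else is non-viable, with scores ~ N(0, 1).
    """
    tp, fp = tail(t - mu), tail(t)
    return d * tp * G - ((1 - d - b) * fp + b * tp) * C

def best_threshold(d, G, C, mu, b=0.0):
    """Profit-maximizing threshold, or None when no threshold is profitable."""
    margin = d * G - b * C          # gain left after paying for the baiters
    if margin <= 0:
        return None                 # baiters have consumed the whole gain
    # Setting d(profit)/dt = 0 gives exp(mu*t - mu^2/2) = (1-d-b)*C / margin
    return mu / 2 + math.log((1 - d - b) * C / margin) / mu

def max_profit(d, G, C, mu, b=0.0):
    """Best achievable return; 0.0 means the campaign is not worth running."""
    t = best_threshold(d, G, C, mu, b)
    return 0.0 if t is None else profit(t, d, G, C, mu, b)

if __name__ == "__main__":
    G, C, mu = 2000.0, 20.0, 2.0    # constructed values, not taken from the paper
    # Fewer viable victims -> higher threshold (a more selective, more absurd pitch).
    for d in (1e-2, 1e-3, 1e-4):
        print(f"victim density {d:g}: threshold {best_threshold(d, G, C, mu):.2f}")
    # More baiters -> higher threshold and lower return, until nothing is left.
    for b in (0.0, 0.005, 0.02):
        t = best_threshold(1e-4, G, C, mu, b)
        print(f"baiter fraction {b:g}: threshold {t}, "
              f"return {max_profit(1e-4, G, C, mu, b):.5f}")
```

In this model the return reaches zero once the baiter fraction reaches d*G/C, that is, G/C baiters for every real victim.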
Perhaps clever artificial intelligence researchers could create automated scam-baiter bots that would simulate gullible victims, drawing out the interaction as long as possible. The most convincing victim-bot would possess sophisticated knowledge of how the scammers think and behave—precisely the knowledge that tends to elude us when we look at the world only from our own perspective. Similarly, the profitability of phishing scams could be reduced by sending bogus account numbers and other data back to the scammers.
As Mr. Herley's paper shows, what seems stupid can actually be quite sophisticated. It's only by imagining the situation with the roles reversed that we can see what we've been missing.

Peter’s Comment

This is a radically different approach and the opposite of the advice traditionally given on how to handle spammers.

Previously we were told: don’t open emails that look suspect, and certainly don’t reply to them.
Nigerian scams have come a long way since the days when they used snail mail and postage to trap people. Today it is a low-cost, effective and highly profitable industry. It is the effectiveness that needs to be targeted by scam-the-scammer proponents.

So we should all give them lots of work to do. We should act dumb, plead for their help to lift us out of our poverty and string them along for as long as we can before they give us up as tire-kickers.

I’ll go for that.
