"Nigerian scam" is a generic term for a category of scams that always follow the same scheme: *the widow/lawyer/son/exiled person has a huge sum of money blocked somewhere. They need the help of a trusted person to exfiltrate this money. You are this person. Of course, you will be nicely rewarded for your help.* Obviously, if you agree to help, the scammer will soon ask you for a minimal advance of funds to prepare the paperwork or bribe the proper officials… Of course, in the end, no money is ever transferred to you. The Nigerian scam is a very old trick.

Since the Nigerian scam is old and well known, it is fair to ask why attackers still use such an obvious trick. The easy answer, that the attackers may be stupid, is not appropriate. Cormac Herley, from Microsoft Research, provides a very convincing answer.

Scammers also have false positives. This type of scam needs a lengthy interaction with the target, and this interaction has a cost (time, effort). When starting the interaction, the attacker would rather have no false positives. Ideally, the attacker should only start with viable targets, i.e. targets that will carry the interaction through to the successful skimming. Intuitively, you may guess that the more gullible the target is, the higher the chance of success. Therefore, using such a worn-out trick filters the initial respondents: it selects only the most gullible people and thus lowers the rate of false positives.

Herley analyses the typical Receiver Operating Characteristic (ROC) curves that are usually used to plot the tradeoff between the true positives and false positives of classifiers. He looks for the optimal operating point and analyses the impact of density (i.e. the ratio of viable targets) and of the quality of the classifier. Then, he applies the outcomes to Nigerian scams. He shows that the “dumbness” of the mail is a good classifier and that the attackers try to operate at a point with a better overall profit.
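The tradeoff described above can be worked through numerically. The following is an added example, not code from the paper or from this post: it assumes a binormal ROC model (viable targets score N(separation, 1), the others N(0, 1)), a cost-weighted return per population member, and constructed gain/cost values.

```python
import math

def phi(x):
    """Standard normal CDF."""
    return 0.5 * (1.0 + math.erf(x / math.sqrt(2.0)))

def roc_point(threshold, separation):
    """(tp, fp) rates when only respondents scoring above `threshold` are engaged.
    Assumed binormal model: viable ~ N(separation, 1), non-viable ~ N(0, 1)."""
    return 1.0 - phi(threshold - separation), 1.0 - phi(threshold)

def expected_return(density, tp, fp, gain, cost):
    """Return per population member: a true positive yields `gain`,
    a false positive wastes `cost` of interaction effort."""
    return density * tp * gain - (1.0 - density) * fp * cost

def best_operating_point(density, separation, gain, cost):
    """Grid-search the threshold maximising expected return.
    Returns (return, tp, fp); (0, 0, 0) means engaging nobody is best."""
    best = (0.0, 0.0, 0.0)
    for i in range(-400, 1001):          # thresholds -4.00 .. 10.00
        tp, fp = roc_point(i / 100.0, separation)
        r = expected_return(density, tp, fp, gain, cost)
        if r > best[0]:
            best = (r, tp, fp)
    return best

if __name__ == "__main__":
    GAIN, COST = 20.0, 1.0               # constructed values, not from the paper
    for separation in (1.0, 3.0):        # weak vs. strong classifier
        print(f"classifier separation = {separation}")
        for density in (0.1, 0.01, 0.001, 0.0001):
            r, tp, fp = best_operating_point(density, separation, GAIN, COST)
            print(f"  density={density:<7} tp={tp:.2e} fp={fp:.2e} return={r:.2e}")
```

As the density of viable targets drops, the best operating point slides toward the corner of the ROC curve where almost nobody is engaged, and a better classifier is what keeps the true-positive rate from collapsing.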

This paper is interesting to read, as it uses the usual maths for classifiers to analyse the impact of false positives on the financial gain of the attacker. It also takes the stance that not all scams are costless to attackers.

The paper reference:

C. Herley, “Why do Nigerian Scammers Say They are from Nigeria?,” Berlin, Germany: Microsoft Research, 2012, available at http://research.microsoft.com/apps/pubs/?id=167719.