Note: This article was submitted by Barracuda Engineering Intern Matthew Albrecht
In 2012, Microsoft researcher Cormac Herley published an article titled “Why do Nigerian Scammers Say They are from Nigeria?” which details his theory that scammers deliberately lower the quality of their emails so that only the most gullible of readers will respond, reducing time and money that scammers would otherwise spend tracking down dead-end targets. He explains that given a small fixed number of targets who would potentially fall for a scam if presented it compared to the huge number that wouldn't, it can be advantageous to target only a small portion of those susceptible few in order to maintain a high success rate.
When a scammer says that he is a Nigerian prince in need of $2000 to return to his palace before he pays you millions, he is assured nearly everyone who replies can be taken for a ride. Herley cites a FraudGallery.com statistic that says over 50% of all scammers claim to be from Nigeria as part of some intricate ploy to send really bad spam.
There's only one problem – they don't. At Barracuda Networks, we collect evidence on millions of emails that come through our servers. To test Herley's theory, we scanned the contents of more than 25,000 international money scam emails, 50 times more than the number used by FraudGallery.com, analyzing which countries scammers mentioned. We found that Nigeria was mentioned in only 15% of all emails, trailing the United States at 21%. Below you can see the top five countries mentioned in scam emails.
Our theory is that it's entirely possible that these “Nigerian” scammers are actually…… Nigerian. With English as a non-native language, sending rapid-fire emails with flawless grammar and no typo in sight – a feat that many well-educated native speakers can hardly replicate – might not be a particularly achievable goal, and fabricating a story about a person from your own country is likely far easier than attempting to do so with a foreign nation.
Interestingly enough, the source of Herley's data, FraudGallery.com, seems to agree that the scammers are likely actually Nigerian. In fact, they claim that Nigerian scammers deliberately pretend to be from other countries in an effort to divert suspicion, directly opposing Herley's thesis. Rather than Herley's claim that the decision to mention Nigeria is a conscious one, it appears as if it may actually be a failure to deliberately falsify their country of origin that results in these left-over Nigerian scams.
But catchy title aside, the math that Herley uses to justify his theory has a major flaw. He correctly shows that given a small, fixed portion of the population that can be considered viable targets, it is more profitable for a scammer to limit his audience and reduce false positives than to hook everyone with a gmail account. The caveat that Herley fails to take into account is that there is not a small fixed portion of the population that can be considered viable targets. The number of people who would theoretically fall victim to a scam is directly influenced by the quality of the scam.
Pretend, for example, that a scammer sent an email pretending to be from an IRS agent, claiming you owe an extra $1000 on your taxes or face criminal charges. Although not everyone will fall for it, we can safely assume that if well executed, his emails could draw in a large number of victims, taking money from far more than the small fixed percentage that Herley assumes. With that assumption taken away, Herley's math no longer holds.
Overall, Herley makes a valid observation on strategies to reduce false positives in binary classifiers. This is particularly interesting as we continue to evaluate ways to reduce false positives in our systems. We would love to hear your thoughts.