38 Comments

  1. I’ve seen a theory that the scammers are now being deliberately “stupid”. Everyone has been warned against the scams, so it’s too much work to persuade a non-idiot to go along. So, why waste time – go straight for the scams that only idiots would hit on. Sure, most people just hang up or delete the e-mail. But the scammers don’t have to waste their time with someone who’d eventually see through it, anyway. They just move on and eventually hit a sufficiently stupid person.

  2. I think this deliberate apparent stupidity has long been a strategy, for instance in the Nigerian 419 advance fee scams. Many of those were written in a semi-illiterate manner with the idea of avoiding having to deal with bright/skeptical people right from the off. You’d have to be an idiot to fall for one of those, but enough people did to make it worthwhile, presumably. Mind you, some victims of those scams seem to have had easily sufficient education and life experience to see through the scam and fall for it anyway.

    I used to get 419 letters by snail mail back in 1990 or so, to my office address, in the days of faxes and telexes and before I had an email address anyway. My name was in our brochures and catalogues as sales manager for Middle East and Africa so I was an easy named target to go for. In those days I used to forward them to the Africa Desk (or similar) of the Foreign Office.

  3. The chief advantage of using email for Nigerian Letter type scams is that the marginal cost of sending out another one is very low, almost zero, whereas using regular mail costs a stamp and phone spam takes time. Phone spam only works well when you can fully automate it… robodialling… or for someone who has nothing but time… prisoners…
    So, yes, they don’t have to care how many people get the email or voice mail, say some variation of “^%$%^#$ spammers!” and delete it immediately, as long as it hits enough people dumb enough to bite. The newest one I’ve seen involves fake malware warnings injected into the ads that launch a browser window, display a fake “malware detection” alert message, and then attempt to consume 100% of the processor capacity to get your attention. To me, they’re an annoyance, but to someone who didn’t know any better, they might well believe that the alert is real. (I get them in the ad-stream that comes from running Microsoft Solitaire. But I don’t let them run scripts, so I just get the fake alert in a pop–under browser window, and often don’t even see it until hours or even days later.)

  4. @narmitaj: Another factor in the apparent stupidity in Nigerian scams is to make the mark think they’re smarter than the scammer. It’s an extra bit of bait.

  5. The people (no matter where they come from) who send those “Nigerian” e-mails are not brilliant game theorists, they are simply crooks who plagiarize what works best, and the e-mails that work “best” (as narmitaj already said above) are the ones that have errors in them. The advantage is that getting rid of anyone who has half a brain early in the process means wasting less preparation work on people who are intelligent enough to refuse sending a cash advance later on.

  6. Kilby: “Crooks who plagiarize” isn’t incompatible with “brilliant.” I worked briefly in spam detection, and was impressed with the ingenuity of some of the spam schemes. I would guess some scammers have a similar level of sophistication.

  7. One time I got one pretending to be a member of the “Illuminati Brotherhood”. I had fun roasting him with Robert Anton Wilson quotes and posted the screencaps under Moron of the Week on MoronicArts. 🙂

  8. “The people (no matter where they come from) who send those “Nigerian” e-mails are not brilliant game theorists, they are simply crooks who plagiarize what works best”

    SOMEBODY had to think of it, first. Just like SOMEBODY had to be the first to sell the Eiffel Tower as scrap, and SOMEBODY had to be the first to sell elevator passes for the Empire State Building, and SOMEBODY has to be the first to run KickStarter campaigns to help (whoever was in the news today), and so on and so on. That somebody comes along and copies the scam later doesn’t affect how creative the original scam was.

  9. Smart people do fall for scams. There was a bit on the news recently about a woman, a professor I believe, who fell for “This is IRS you have pay now or the FBI will be at your door. Don’t call local police. We are monitoring your phone!”

    They got money out of her but it fell apart when she went to her mother for more. There was door-cam of her saying “I need $5000 don’t ask questions!” Mom did ask questions.

  10. When I get a phone call, “This is your grandson” = “This is your credit card company” = “This is your local Police Benevolent Association representative” = “This is the IRS” = “This is your bank” = scam. In the case of “This is your grandson, I’ve been arrested and I need money to bail me out” I say, “No! Stay in jail for the night and think long and hard about what you did. Hand the phone to the arresting officer so I can tell him all the other things you’ve done in the past couple of weeks.”

  11. My favorite was the scammer who did inadequate research on me before calling, and tailored the threat by telling me there was an arrest warrant for my wife and she’d be arrested if I didn’t pay right away.

    Poor scammer didn’t know why I was laughing so hard. Well, I’d been divorced for almost a decade when he called.

  12. These con artists are not (all) stupid, but they are not making linguistic mistakes on purpose, they are simply not so familiar with the native language of the people from whom they are trying to steal. Fractured English (or German) is a consistent hallmark of these thieves, occasionally compounded by technical glitches. I’ve seen e-mails in which each letter “a” was replaced by a Cyrillic (or Greek) “alpha”, and others in which the entire text was mechanically translated, including the supposed return address of the sender (“Silberquelle, Maryland“).

  13. P.S. I’ve seen four scam attempts sent as physical letter. All four were on plain paper, with no return address or identifying marks on the envelope. The first two (early 90’s, in the U.S.) were handwritten, the intended victim was asked to provide two blank, but signed sheets of letterhead paper (with the corporate seal). Everyone in the office was amused; anyone who actually did that deserves whatever happens afterwards.
    The second two (late 90’s in Germany) were typed in English, I was asked to translate the contents so the boss could report them to the police. By then the business model was no longer an attempt to drain the victim’s account wholesale, it had progressed to “get the victim to forward an advance to cover ‘fees'”.
    Neither company was big enough to be on anyone’s radar; I have no idea how or why anyone abroad would have picked either one (presumably out of a phone book or corporate register).

  14. I’ve also read that the scammers try to qualify you as stupid early on.

    My personal favorites:
    1) “This is the Visa and Mastercard company”. Since that’s like “This is the Ford and General Motors company”, it’s an instant qualifier.
    2) The current “I have your password” email that wants you to send bitcoin to a BTC wallet, but (a) the whole thing is a graphic, so you can’t copy-and-paste the wallet address, and (b) their target demo won’t know what a BTC wallet is or how to access one anyway.
    3) The “IRS” asking for payment in iTunes gift cards! Because, you know, that’s how the government is funded.
    4) The ones with [INSERT NAME HERE] et sim in the Subject: or body: “Bought the package, didn’t read the instructions”.

  15. The few times I answer the phone, I love when I’m told my PC has problems. I tell ’em, “HAH, I HAVE A MAC AND I NEVER HAVE PROBLEMS!’. I have found than hanging up on someone on a cell phone is NOWHERE as satisfying slamming down the receiver used to be.

  16. Of course, the operator of the MAC does make misteaks . . .
    I have found THAT hanging up on someone on a cell phone is NOWHERE as satisfying AS slamming down the receiver used to be.

  17. ” I tell ’em, “HAH, I HAVE A MAC AND I NEVER HAVE PROBLEMS!’.”

    I just saw some reportage of a problem that affects Mac users and nobody else.
    (My response to being told my PC has a problem is to ask “which one?” and let them try to come up with an answer.)

  18. ” I’ve seen e-mails in which each letter “a” was replaced by a Cyrillic (or Greek) “alpha””

    That’s to help them get through spam filtering. The filters know how spam was written in the past, and match up new messages to those known spam messages. So, they have to introduce things that are different every time, or the mark never even sees the scam.

  19. @ Andréa – JP is entitled to his own private theories, there’s little point in asking him to provide evidence for them.
    P.S. Replacing a Latin “a” with a completely different glyph doesn’t make the text spam-filter resistant, it makes it reader resistant.

  20. @Kilby — tinkering with the spelling does help with Bayesian filters. An obvious example: V1agra. Still (mostly) readable, but filters looking for the actual drug name won’t trigger (well, they will by now, but day 1 they would not have).

    I’ve collected several fun examples of this; one of the best was a note that was perfectly readable, but included a LOT of bogus random text in white-on-white, which was thus invisible.

  21. Some years back there was an attorney who fell for this sort of scam. Fell so hard, in fact, that she embezzled $50,000 from her firm.

  22. There was one who fell for the “fake check and send us back the difference” scam for six figures.

  23. “Silberquelle, Maryland“. Did anyone else besides me immediately think “Silberquelle, Silberquelle, It’s Christmas time in the city.”?

  24. @ MiB – In that instance, besides translating “Silver Spring”, they also translated “East-West Highway” to read “Ost-West Hochstraße” (which would have confounded the USPS if anyone had tried to send something to the address). It was simply an amusing coincidence that the German version of that scam letter just happened to be read by someone who had actually driven on that road (countless times).
    P.S. @ Phil Smith III – Putting the “1” in “V1agra” is clearly a valuable strategy to avoid a simple spam trigger, but my earlier point about the Cyrillic “alpha”, as well as similar mistakes with German umlauts or the double-S (“ß”), is that these were not any sort of an intentional strategy, but simply a mixture of code pages that resulted in the exposure of the Russian (or non-German) source of the text. There is a fundamental difference: with “V1agra”, the sender has a product for which there is a (small) percentage of the population that would actually be interested in buying (and would therefore overlook the expedient misspelling), but with a scam e-mail, the text is attempting to convey authenticity, and substituting random characters from a foreign alphabet does nothing to enhance the author’s veracity.

  25. Kilby: But badly formatted e-mails are also consistent with the hypothesis that the e-mail writers want the letters not to look too authentic, so that they can weed out recipients with even a minimal amount of skepticism early on.

  26. “I’m with you, Kilby. He’s often wrong, but never in doubt.”

    Don’t feed his belief that the Internet consists almost entirely of idiots.

  27. “my earlier point about the Cyrillic “alpha”, as well as similar mistakes with German umlauts or the double-S (“ß”), is that these were not any sort of an intentional strategy, but simply a mixture of code pages that resulted in the exposure of the Russian (or non-German) source of the text.”

    You’re welcome to your little theories. You were going to provide some evidence to support it?

  28. Well, with UTF-8 and Unicode, there are no “code pages” for that to “just happen”. This isn’t EBCDIC. So that theory is blown right off.

    There is certainly plenty of evidence that random text is there to defeat spam filters, but things like this research:

    Click to access 170.pdf

    provide more data (“Spammers have tried many things from using HTML layout tricks, letter substitution, to adding random data.”).

    To those of us in the security biz, this is canon, well beyond lore; I guess I’d turn it around and ask what evidence you can present that it’s NOT to defeat spam filters, since it cannot be your code page theory.
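The letter-substitution trick debated in comments 18 to 28, seen from the filter's side. This is an added example, not part of any comment above: it flags words that mix scripts and folds lookalikes back to Latin before keyword matching. The fold table, the blocklist and the sample message are constructed assumptions.

```python
import unicodedata

# Constructed subset of lookalikes -> Latin letter (an assumption for this demo;
# a production filter would load the full Unicode confusables data).
FOLD = {
    "\u0430": "a", "\u03b1": "a",   # Cyrillic a, Greek alpha
    "\u0435": "e", "\u043e": "o",   # Cyrillic ie, o
    "\u0440": "p", "\u0441": "c",   # Cyrillic er, es
    "1": "i", "0": "o", "3": "e", "@": "a", "$": "s",
}

def script_of(ch):
    """Coarse script label taken from the Unicode character name."""
    if not ch.isalpha():
        return None
    name = unicodedata.name(ch, "")
    for script in ("LATIN", "CYRILLIC", "GREEK"):
        if name.startswith(script):
            return script
    return "OTHER"

def mixed_script(token):
    """True when one word draws its letters from more than one script."""
    return len({script_of(c) for c in token} - {None}) > 1

def fold(token):
    """Map lookalikes to Latin; leave pure numbers such as '2019' alone."""
    token = token.lower()
    if not any(c.isalpha() for c in token):
        return token
    return "".join(FOLD.get(c, c) for c in token)

def scan(message, blocklist):
    """Return (token, folded, mixed, hit) for every suspicious token."""
    findings = []
    for raw in message.split():
        token = raw.strip(".,!?:;\"'()")
        folded, mixed = fold(token), mixed_script(token)
        hit = folded in blocklist
        if mixed or hit:
            findings.append((token, folded, mixed, hit))
    return findings

# Constructed sample: a digit swap plus two Cyrillic 'a' substitutions.
SAMPLE = "Buy V1agra now, your p\u0430ssword and \u0430ccount expire in 2019"
BLOCKLIST = {"viagra", "password", "account"}

if __name__ == "__main__":
    for row in scan(SAMPLE, BLOCKLIST):
        print(row)
```

A mixed-script word is a useful signal on its own, since ordinary text in one language rarely mixes alphabets inside a single word.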

  29. 1 – Here they have been spoofing the police department’s phone number.

    2 – There is a very nice and competent platform person at our credit union. We try to get her when we need something done. We were talking about the spam calls and emails. She told us about an older woman who had come in and was looking to make a large withdrawal and when she asked – it was due to one of these calls. She got the branch manager (a nice woman also) and they even called where she supposedly had to send the money and proved to her it was a scam.

    Then she said that she almost got caught in one. She has 3 sons who are all in different law enforcement agencies. She got a call that one of them was hurt and needed money for some reason (I forget what) but as she panicked she had the presence of mind to call one of the other sons who knew that the son that she was called about was working and called in and checked on him and he was fine.

    I tell my clients – all of whom are older than me (and I am in my mid 60s) that IRS, courts, police, utilities, etc. NEVER ask for payment by gift cards! (Someone was calling businesses in NYC saying they were from ConEd – the electric utility – and if the past due payment was not made immediately by iTunes card they would have their utilities cut off. What would they do with iTunes cards at a utility?)

  30. And people fall for “IRS” calls that ask them to pay with iTunes gift cards. I can’t decide whether people that gullible are the problem or just victims…

  31. Biggest clue that something is a scam is that no legitimate business, utility, or government agency would ask to be paid in any gift card!
