[cryptography] Why do scammers say they're from Nigeria?

Tim Dierks tim at dierks.org
Wed Jun 20 13:56:07 EDT 2012


This is an interesting paper that presumably has implications for other
social engineering schemes beside financial scammers:
http://research.microsoft.com/pubs/167719/WhyFromNigeria.pdf

ABSTRACT
False positives cause many promising detection technologies to be
unworkable in practice. Attackers, we show, face this problem too. In
deciding who to attack true positives are targets successfully attacked,
while false positives are those that are attacked but yield nothing.

This allows us to view the attacker’s problem as a binary classification.
The most profitable strategy requires accurately distinguishing viable from
non-viable users, and balancing the relative costs of true and
false positives. We show that as victim density decreases the fraction of
viable users than can be profitably attacked drops dramatically. For
example, a 10× reduction in density can produce a 1000× reduction in the
number of victims found. At very low victim densities the attacker faces a
seemingly intractable Catch-22: unless he can distinguish viable from
non-viable users with great accuracy the attacker cannot find enough victims
to be profitable. However, only by finding large numbers of victims can he
learn how to accurately distinguish the two.

Finally, this approach suggests an answer to the question in the title.
Far-fetched tales of West African riches strike most as comical. Our
analysis suggests that is an advantage to the attacker, not a disadvantage.
Since his attack has a low density of victims the Nigerian scammer has an
over-riding need to reduce false positives. By sending an email that repels
all but the most gullible the scammer gets the most promising marks
to self-select, and tilts the true to false positive ratio in his favor.

 - Tim
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.randombit.net/pipermail/cryptography/attachments/20120620/523366ba/attachment.html>


More information about the cryptography mailing list