dcsimg
RealTime IT News

Suckers For Spam

Hard as it is to believe for long-time Internet denizens, online scammers and spammers are still reaping rewards from the community at large.

Last week's bizarre tale of a Los Angeles record producer claiming he was being chased by Nigerian scam artists is a high-profile example of the pervasiveness of the activities still evident today.

According to a report by the L.A. Times Sunday, Christian Irwin was found after a five-day search initially prompted by the producer's disappearance and a frantic phone call he made to friends.

According to the report, friends and family said Irwin had become involved in an Internet scam that paid him to transfer money from Nigeria to the U.S.

He panicked when the scam artists demanded repayment of $50,000, the report continued, and phoned a friend to say he thought he was being chased by Nigerian scam artists. He was found Sunday alive in a stream near his house.

The Nigerian e-mail fraud scheme is one of the oldest tricks in the Internet scam book, earning its own advisory Web page on the U.S. Secret Service's site. Also called an advance fee fraud or 419 scheme, after the Nigerian penal code for fraud, the Secret Service believes the Nigerian e-mail scam has bilked hundreds of millions of dollars annually from users.

Here's how it works. A person gets an e-mail supposedly from a foreign official who wants to transfer a huge sum to their bank account to get the money out of the country.

There are many variations on the theme afterwards: providing bank account information, which is subsequently used to wipe out the account's funds; the person is encouraged to travel overseas to complete the transaction; or getting the victim to cash a check and send it back to the scam artist and get left with the bill when it bounces.

The scam has reached urban legend status, with tales of kidnapped victims and emptied bank accounts, yet it remains a problem. Why, then, do people continue to fall for the con?

Andrew Jaquith, a senior analyst at research firm Yankee Group, said that P.T. Barnum was slightly wrong when he said there was a sucker born every minute – there are hundreds.

"There's a whole legion of young scam artists that are sending these kind of things from cyber cafes in Nigeria, I believe, where a lot of these are originating," he said. "They're just trading on human gullibility.

"I don't know why people keep opening these things," he added. "You'd think after enough of these urban legends had spread around in the popular press -- or maybe somebody's friends or relatives got victimized by this -- you'd think there would have been a built-up herd immunity to this."

Scammers, notably the Nigerian fraudsters, follow a predictable pattern and are easy to spot.

Invariably, they begin with an entreaty like this: "I am sending you this private email to make a passionate appeal to you for assistance. Kindly accept my apology for contacting you this way and forgive me if this is not acceptable to you. My name is James Odibo; I am an auditor at one of the Nigerian Banks.

Jaquith said spammers, on the other hand, are getting more sophisticated in their methods, like joining e-mail discussion lists to cull and spoof addresses not normally accessible to their harvesting methods.

"The folks writing the bulk e-mails are getting clever, and you sort of have to take your hat off to them and say, 'damn that's smart, I wish I would have thought of that,' mining e-mail lists and things like that," he said. "It's fair to say they're always going to be ahead of the defenders."

According to a National Fraud Information Center's Internet Fraud Watch report earlier this year, the Nigerian scam was the third-largest reported menace affecting users in 2004, at 9 percent. It followed auction (51 percent) and general merchandise (20 percent) scams that promise, but don't deliver, goods.

Although the Nigerian money scheme came in third, statistics show it was the costliest scam of the three. The average loss attributed to the Nigerian fraud scheme was $2,649 while auction scams resulted in an average loss of $765 and general merchandise of $846.

All three rate higher than another scheme that's received much more national attention: phishing. According to the group's report, phishing accounted for 5 percent of complaints and an average loss of $182.

While Web sites are the primary method scammers use to contact potential marks at 77 percent, e-mail accounts for 22 percent, the report shows.

A survey published by the Pew Internet & American Life Project in April shows that while 52 percent of respondents consider spam a big problem, there's been a drop in the percentage of people who say they are less trusting of e-mail in general, from 62 percent in 2003 to 53 percent.

The survey also showed that 22 percent found spam reduced their overall use of e-mail, down from 29 percent the year before; 67 percent said spam made their online experience unpleasant or annoying, down from 77 percent a year ago.

Deb Fallows, a Pew senior research fellow, said a surge in new Internet users or more sophisticated social engineering on the part of spammers and scammers isn't responsible for fraud's success.

E-mail providers are providing tools for new Internet users, she said, to protect their initial online experience. That and the fact that their e-mail addresses don't immediately appear on bulk e-mail lists keep new users relatively protected. Social engineering, on the other hand, just tweaks the success rate for scammers and spammers, she said.

What's creating the success rate, she said, is pure quantity. In years gone by, spam made up 50 percent of all e-mail, then it became 60 percent and 70 percent, at an increasing rate. Jaquith said spam will make up 95 percent of all e-mail within the next two years.

And while the efforts of spam filters, ISPs and e-mail providers are more effective at countering the increase, Fallows said, all you need is a small fraction of people responding to keep the spam/scam industry alive.

"You'll never train everybody to not respond to this stuff or not be taken in by this stuff," she said, "so there will always be enough people responding to make it worthwhile to be a spammer."

How much is enough to keep scammers and spammers interested in their activities? Fallows said the number she's been using is that if only .001 percent of spam sent is responded to, it is enough of a return on the investment to make a living.

She points out that not all spam is illegitimate, however, with some unsolicited e-mail providing real goods that people will buy.

"You just need one person, or a couple people out of thousands, to respond and you've got a business for yourself," she said.