SAN FRANCISCO – Those pesky Nigerian 419 scam messages don't actually come from Nigeria, or any African country...
for that matter.
Linguistic clues helped two researchers trace the 419 messages and determine that many of them are potentially sent by cybercriminals in Eastern Europe or Asia. Harriet Ottenheimer, a professor of anthropology and American ethnic studies at Kansas State University teamed up with her son, Davi Ottenheimer, president of security consultancy FlyingPenguin, to conduct the research. They say the results could be used in the future by enterprises to scan and warn recipients that the messages are a hoax.
"These are people who designed the message to make it look like it is coming from Africa," Harriet Ottenheimer said. "They use words designed as triggers."
419 scams are a classic example of social engineering. As mentioned above, they are written to look like they come from Africa and target wealthy, well educated people. While there are dozens of variations, the message usually asks the recipient to help facilitate a financial deal. The victim is asked to pay an advanced fee to set up an account, for example, and is enticed with the promise of a reward. If a victim pays the fee, the scammers say a problem has surfaced and continue to request money in a never ending cycle until the victim realizes they have been scammed.
In an interview with SearchSecurity.com, Harriet Ottenheimer said the chances of a message coming from Africa are slim. More than 50% of these 419 scam messages are designed by cybercriminals located in places other than Africa, she said. Many of the messages have "triggers" designed to lure the victim to send money.
Harriet Ottenheimer said she got involved with the project after receiving several 419 messages. When she responded to one of the messages, asking the sender to stop sending her the emails, messages started appearing more frequently in her inbox. She collected them and used her background in linguistics to closely examine dozens of messages for clues about where they originated from and to find patterns that could be used to block them.
While some spam filters can weed out a relatively high percentage of 419 messages, some invariably slip through, Davi Ottenheimer said. This research potentially could be applied in some kind of technology to automate the process of scanning and alerting recipients that the email is fraudulent. It also may be used to improve antiphishing technologies.
"You can create a way to look for linguistic patterns," Davi Ottenheimer said. "Just as you can scan for bad code in viruses and malware, you could take the same approach in email."