News Stay informed about the latest enterprise technology news and product updates.

Nigerian 419 scam messages are not from Africa, experts say

A study of 419 advanced fee fraud messages found many of them may be coming from cybercriminals in Eastern Europe and Asia.

SAN FRANCISCO – Those pesky Nigerian 419 scam messages don't actually come from Nigeria, or any African country for that matter.

Linguistic clues helped two researchers trace the 419 messages and determine that many of them are potentially sent by cybercriminals in Eastern Europe or Asia. Harriet Ottenheimer, a professor of anthropology and American ethnic studies at Kansas State University teamed up with her son, Davi Ottenheimer, president of security consultancy FlyingPenguin, to conduct the research. They say the results could be used in the future by enterprises to scan and warn recipients that the messages are a hoax.

RSA Conference 2010

For all the latest news, podcasts and more direct info from the show floor in San Francisco, visit our RSA Conference 2010 special news coverage page.

"These are people who designed the message to make it look like it is coming from Africa," Harriet Ottenheimer said. "They use words designed as triggers."

419 scams are a classic example of social engineering. As mentioned above, they are written to look like they come from Africa and target wealthy, well educated people. While there are dozens of variations, the message usually asks the recipient to help facilitate a financial deal. The victim is asked to pay an advanced fee to set up an account, for example, and is enticed with the promise of a reward. If a victim pays the fee, the scammers say a problem has surfaced and continue to request money in a never ending cycle until the victim realizes they have been scammed.

In an interview with, Harriet Ottenheimer said the chances of a message coming from Africa are slim. More than 50% of these 419 scam messages are designed by cybercriminals located in places other than Africa, she said. Many of the messages have "triggers" designed to lure the victim to send money.

Harriet Ottenheimer said she got involved with the project after receiving several 419 messages. When she responded to one of the messages, asking the sender to stop sending her the emails, messages started appearing more frequently in her inbox. She collected them and used her background in linguistics to closely examine dozens of messages for clues about where they originated from and to find patterns that could be used to block them.

While some spam filters can weed out a relatively high percentage of 419 messages, some invariably slip through, Davi Ottenheimer said. This research potentially could be applied in some kind of technology to automate the process of scanning and alerting recipients that the email is fraudulent. It also may be used to improve antiphishing technologies.

"You can create a way to look for linguistic patterns," Davi Ottenheimer said. "Just as you can scan for bad code in viruses and malware, you could take the same approach in email."

Dig Deeper on Email and Messaging Threats-Information Security Threats

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.