419 baiters: Not all scam emails from Nigeria

Almost everyone has received an email from 419 baiters promising riches from African royalty, but not all 419 scam emails come from Africa.

In this video, Davi Ottenheimer, Founder of Flying Penguin Consultancy, and Harriet J. Ottenheimer, Professor of Anthropology at Kansas State University, discuss what they learned by analyzing the linguistics of these emails, and how their findings can help you prevent employees from getting suckered in by these scams.

Read the full transcript from this video below:  

419 baiters: Not all scam emails from Nigeria

Rob Westervelt: Hi, I'm Rob Westervelt, the News Editor of SearchSecurity.com. Today
we're going to be talking about 419 scams and phishing attacks with Harriet
Ottenheimer. She's professor of anthropology at Kansas State University.
And Davi Ottenheimer, he's president of security consultancy, Flying
Penguin. They've done some interesting research in this area. Thanks very
much for joining us.

Davi Ottenheimer: Thank you.

Rob Westervelt: So, we've heard all about these 419 scams. Up to this point, are there
any good defenses against them?

Davi Ottenheimer: There have been good defenses. The difference is that only a few
people might have known about them. And as the threat has grown and exposed
more people, then more people have to know how to defend themselves. So,
it's an education process. Letting people know how to defend themselves
against an attack that they may not have seen before.

Rob Westervelt: And this goes beyond 419 scams, doesn't it?

Davi Ottenheimer: Absolutely, it bleeds into social engineering as a whole, which has
been in the headlines recently. We've seen quite a bit of reaction to the
Green Dam incident for example with China and our law firm in the United
States, the Google hacking incident. We see it all the time in the security
industry, with social engineering being one of the biggest problems for
practitioners now. Because it's non-technology related. It's really
educating people. So, this is just a study that pinpoints 419, but it's
applicable outside into most social engineering situations.

Rob Westervelt: Enterprises are concerned about this?

Davi Ottenheimer: Absolutely, we think that this will be very helpful in instructing,
not only the security practitioners but the individuals themselves, maybe
just the general public even in how to defend themselves against attacks
coming from sources that they're not familiar with.

Rob Westervelt: So, Davi, tell us about your study. What did you look at?

Davi Ottenheimer: We looked at a number of email messages that came from various places
around the world. In brief, the advance fee fraud scam is an email message
with a particular type of language used, that's trying to perpetrate fraud.
So we took a collection of those, a hundred or so, and my mother did the
analysis, linguistic analysis of them.

Rob Westervelt: Harriet, your background is in anthropology, what got you involved in
this project?

Harriet Ottenheimer: One day I just got one too many of these things. I was sitting and
writing and my email was open and one of these things came popping in and I
was just annoyed enough to pop an answer back saying, 'Stop sending these
to me!' Which immediately resulted in me getting six more, immediately. And
I think, there was a live person on the other end and so they were going to
send me more. And Davi suggested, I turned to Davi and to my other son Afan
and asked them, "What do I do about these things? How do I get them to
stop?"And their answer was, "You could try tracing them and reporting
them." That was a great new game! And I started tracing them and reporting
them and it was very satisfying. And as I did that I started noticing that
they weren't all coming from Africa and that got me really curious. So, I
started collecting and that's when we designed this project and I started
collecting them. I collected six months worth of them and started analyzing
them and indeed fewer than half of them actually could trace to Africa.
They were traced to England, they were traced to Hong Kong, they were
traced to the United States, they were traced to Israel. They were traced
all over the world. And that indeed got me even further interested and I
began doing the research on the linguistics of them.

Rob Westervelt: What clues did they give you that told you that they weren't from

Harriet Ottenheimer: Actually they weren't clues, it was just in the tracing that you
would find, when you got to the end of the trace, that it came from some
place else.

Rob Westervelt: Can you explain the linguistics?

Harriet Ottenheimer: These are people that whether they were Africans living somewhere
else, or they were somebody else altogether, they were trying to sound like
Africans. They were trying to sound like Africans on paper or on a screen,
I guess you'd have to say. They were trying to have an African accent so
that it seemed like to me, the idea that, if they sounded like Africans,
that I would then believe I had somebody that I was corresponding with. Who
filled all your stereotypes of Africans, then they would be a little bit
more successful in breaking down my particular resistance.

Rob Westervelt: Why would somebody want to fashion a message that made it look like it
came from Africa?

Harriet Ottenheimer: What do you think of when you think of an African? We do have
stereotypes and they are, even thou we try hard not to act on them, we do
have them. And they typically are of Africans as wealthy, corrupt, having
access to hidden wealth, willing to share that wealth with us. When you
think of somebody like that, you're not thinking of, I don't know, a
Mexican, an American Indian, a Chinese person. That somehow there's
something that the media gives us and reinforces for us about Africans as
the kinds of people that are likely to engage in these sorts of dealings.

Rob Westervelt: So, explain what you found. What is it about these messages that made
people respond?

Harriet Ottenheimer: Think about Eddie Murphy in Coming to America. Think of the
language that he uses. He's not sounding like Eddie Murphy in that movie.
He's sounding, he's using very big words, he's pronouncing them very
carefully. He's using florid language, he's using stilted language. He's
using words in odd ways or odd orders. And all of the folks who were trying
to be wealthy Africans in that movie are using that kind of language. So,
those are just a few of them. And the interesting thing is that the
stereotype's got two sides. It's got this wealthy African side but it's
also got this poor, unable to deal with big amounts of money, post-colonial
folks. Folks who need your help. And the other thing that we discovered as
we looked at this is that the typical targets are not what you would
expect. They are not the little old ladies in trailer courts who fall
victim to these. These are educated, intelligent, well-educated folks, who
seem to be targeted. For example, I would get a lot of these as a
professor. My students never saw them. They never received a single one, I
had to show them what these look like. So, the victims are doctors and
lawyers and professors, they're financial planners. And this struck us as
really strange until we began to think about this African stereotype. Not
only are you dealing with a wealthy corrupt person but someone who needs
your help. And you as the professional, you know how to trust your own
judgment and you know how to help people. So, there you are. It's the
language that acts as the stereotypes, it makes you more likely to break
down and try to help.

Rob Westervelt: Davi, can this be applied to phishing messages as well?

Davi Ottenheimer: Well, typically in social engineering research we try to find ways to
break down barriers within a company and then show them how they've been
had or how they've been exploited. And so, in the same way what we're doing
here is we're showing ways people can be exploited, hopefully to educate
them around ways that they can educate themselves about threats. So, with
419 or African stereotypes, we're educating people about stereotypes, about
cultural differences. So, you're looking for things that would signify a
weakness in yourself about how you perceive others. If you have a
particular stereotype about the Chinese, that may make you more vulnerable
or more susceptible to Chinese threats. It's kind of the adverse of what we
usually think. But the more stereotypes we have the more vulnerable we
become, essentially.

Rob Westervelt: So, what's the future of what you discovered? Is this something that
can be applied to technology?

Davi Ottenheimer: It can be applied to almost every email message or linguistic
analysis can be applied to any sort of communication. To make it easier to
find things that look more like threats and less like normal communication.
We think that in technology terms, we have exhausted a lot of the
technology and resources that you can apply to problems in security, and so
you see a lot of shifting to human issues. It's always been humans as the
primary problem but a lot of technology like firewalls and IDS/IPS has been
lacking. So, we've applied a lot of that. Now that most companies have a
lot of that technology and these attacks are continuing to get through,
they're getting through through humans more and more and it's still being a
major problem. And we're trying to figure out ways that we can get inside
people's minds and really educate them better. So, this can definitely be
applied in that space just as a beginning step but when you look at 419
expanding itself, it's in a growth rate, it can be applied just the 419 and
still be helpful. So whether or not we apply it broadly across social
engineering and the human factor or whether we just look at stopping more
419 type of fraud, it's going to be applicable.

Rob Westervelt: Is there a way to get the linguistic patterns into a technology?

Davi Ottenheimer: In theory it makes a lot of sense. It's a little early to tell for
sure. But the idea is that, just like you have antivirus scanners that
look through code for particular snippets that are maybe malicious, we can
look through language and look for linguistic code, or you can look through
it as code, and try to find language that is suspicious or different than
what you would expect. Florid style for example, as my mother explained,
would be a signifier.

Rob Westervelt: Well, thanks very much for joining us.

Davi Ottenheimer: Thank you.

Harriet Ottenheimer: You're welcome. Thank you.

Rob Westervelt: And thank you for joining us for this video. For more information on
this subject you can go to SearchSecurity.com.

View All Videos

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.