Schneier on Security

At this point, is Western Union anything other than a massive money laundering operation?

This is more sophisticated than the 'guy in a cybernet cafe' model.

Spanish Prisoner as a buisness model...hmmmm. Much as I like Steve Martin....I'd have to say it sounds more like Glengarry Glen Ross.

OMG! Boca Raton has been outsourced!

What I don't get is why don't they change Nigeria to some other country in their spam?

The interesting point from my point of view is the use of human resources.

With the likes of China and others having "bucket shops" where an "owner" has a room with PC's and rents out the keyboard jockies to the next level up the food chain (ie 30cents/capatcher, 10cents goes to the keyboard jocky).

I suspect a study of the economics of each level would be profitable with regards to prevention.

Also of interest in the article:
"In the year before I was arrested I earned about $75,000 (£46,000) for my family."
It's easy to see why Nigerian, and Russian, authorities aren't cracking down to harshly...

@Clive 'would be profitable with regards to prevention.'

Anything with an organization can be picked apart? I agree with the concept but can find little literature on how you'd go about doing it. Either it's all aimed at street level individual actors or it's on the level of deploying strategic weapons. Any citations for the middle ground?

>At this point, is Western Union anything
>other than a massive money laundering
>operation?

Yes.

Heard the other day that Mexico's remittances from the U.S. fell from $26B to $20B. It's there second largest source of foreign trade after oil.

I'd suspect an awful large amount of that travels through Western Union and the like.

I couldn't find the U.S. annual loss figure, I found one that claimed $150M/year in 2005 for the U.K., which extrapolated to the U.S. population would be $750M/year.

So back-of-the-napkin math is for every dollar sent legitimately (if you don't count the immigration status of the earner) by Western Union to Mexico, 3 cents was transferred to a Nigerian scammer.

So it seems WU still would have a large and legitimate business.

For scale, the U.S. Secret Service currently puts ATM card skimming losses in the U.S. at $800M.

Those numbers are quite large enough to support well organized criminal syndicates, but let's keep the perspective that they're just a tiny fraction of the total size of our economy.

@Sebastian - they do. I've seen emails pertaining to be from South Africa, Palestine, Honduras, Cameroon, Chad, and a handful of other countries.

In general though, I figure they don't need to change their country of origin.

Anyone who thinks that this kind of scam can be stopped is an idiot.

It's been going on for hundreds of years. Possibly longer.

As with most other things, improved communications (the Internet) just provided a way to speed up the process and allow layers of specialization.

@ BF Skinner,

"Any citations for the middle ground?"

Not academic.

However the history of the UK "Pirate Radio" legislation should give you an idea of what the respective authorities (Post Office, Home Office, Dept of Trade and Industry, OfCom) in turn have tried and how the "Pirates" have evolved around the issue.

Put simply Pirates are a "political" problem not an actual problem.

The likes of the big broadcasters see them as stealing advertising revenue (not true) the Performing Rights Society etc regard them as theives (the artists see them as free "air play"). Most people who listen to them do so because they provide something other than the three big comerical operators (who own over 80% of the supposadly indipendent stations) "aproved play list"

That is it is a monopoly market designed specificaly to get "advertising revenue" and push "dependent artists" from the likes of Simon Cowel (yes the multi-millionair of the X-Factor).

OfCom are a UK Gov quango that is very self interested and does not represent the view of the UK populus or others and is a political football.

The result is the Big Money Boys regard pirates as stealing the market they have bought and paid for. And thus get very upset and lean on the politicos (they also consider to have bought and paid for) to do something.

Back in the 1980's there was a sea state change Norman Tebbit had little sympathy for the "civil service" types who regarded pirates as being worse scum than drug dealers as had Harold Wilson (Labour PM in the 60's) who had introduced the "Marine Offences Act". The result was Pirates got a good foot hold on the UK mainland and little or nothing was done to stop them.

A clasic example was "Solar Radio" in London that had so much of the "youth audiance" that Coca Cola told Capital Radio that it was going to stop the near on 1million GBP a year advertising budjet and redirect it towards the pirates.

Little "Dickie" (Richard) Attenborough who was a major figure in Capital Radio, went and banged every political head he knew making all sorts of threats and FUD and impressing on anyone who would listen that the Pirates where akin to subversives and would bring the country down.

The result was significant preasure on the likes of Eric Gotts who used every legal and illegal trick (Yes he got a criminal prosecution to his name) he could to stop the Pirates (Much as the Boston Authorities currently treat artists and students as terrorists...).

Through to the current OfCom using the likes of RIPA to attack the Pirates, which initialy failed, then on the advertisers which again failed. Through to perverting the use of the EU R&TTE Directive and OfCom officers perjuring themselves to judges and majistrates to illegaly attack legitimate suppliers of components that the Pirates obtained by setting up false companies to order through.

Interesting paper: "Understanding scam victims: seven principles for systems security".
www.cl.cam.ac.uk/techreports/UCAM-CL-TR-754.pdf

Enjoy...

@ Brandioch Conner,

"Anyone who thinks that this kind of scam can be stopped is an idiot."

And rearanging the words somewhat gives the reason,

This kind of scam can not be stopped as long as anyone thinks like an idiot

Why on earth anyone should think that a Nigerian General's son is going to specificaly contact them out of the blue to get their fathers supposed ill gotten gains out of Nigeria is beyond me.

That is the old business rule of,

The greater the apparent reward, the greater the real risk.

Most definatly applies.

However to be caught twice is the mark of an imbecile not an idiot (heated coin test from early last century).

And as for three or more times then they would (as with the heated coin test) be morons, and thus should be protected from themselves.

@Sebastian "What I don't get is why don't they change Nigeria to some other country in their spam?"

I've had the same offer (in a snail mail!) from England from someone claiming to be an English lawyer. This was the "You have the same surname as my late client" variation.

I'm guessing that they mostly use their real country so if the mark asks for evidence of location they can easily get a photograph taken outside some famous landmark.

@Clive Robinson "This kind of scam can not be stopped as long as anyone thinks like an idiot"

Very true. What is it about greed that turns off the critical faculties of so many?

"Much as the Boston Authorities currently treat artists and students as terrorists..."

That might be a reference to the Lite Brite thing, but I think its a little too harsh. The Boston/Cambridge area contains over thirty universities and colleges, including MIT, Harvard and Boston U. There's at least a hundred thousand students in the area (probably more). Boston is basically a student town, and the local politicians are well aware that those students vote. Boston has always been a leftish, activist sort of place.

Reminds me of the Werewolf game we used to play for fun http://www.eblong.com/zarf/werewolf.html

The other day I was trying to sell a netbook and published an ad in a site that is frequented by people in my city. Since I was only interested to do the sale locally. I live in Bolivia.

However, I received a response in Spanglish offering 3x the cost I initially asked for if I accepted an international transaction. The spanglish was very odd and I knew it is best to avoid these things but I was curious. At first She claimed to be in Argentina and that he wanted the netbook for her 'reverend' ASAP and hence the price.

Well, I kept playing along avoiding to give my bank account number and any information and at the end she gave me the address to which I am supposed to send the package, somewhere in ... Nigeria...

Well, I actually googled the email address "stephanie_smith913@yahoo.com" and received results of other Latin american people warning about these scams . Apparently the foot soldiers tend to use the same email address. Anyway , it is an interesting comment, try taking a look at the images from : http://www.gsmspain.com/foros/... . This post reminded me of that other one because once again the scammers pretend to be FBI.

Of course, the English sucks but note that the victims are specifically Latin Americans, the most vulnerable victims would not notice the bad English. I heard there were already many cases of people sending expensive goods towards Nigeria only to find out the wire receipt they got was fake...

And then there's the other side: The 419 eaters who deliberately try to waste these scammers time arguing, as long as they are busy with fake baiters, they won't have time for the real victims.

NSFW: http://forum.419eater.com/forum/album.php

This interview told us nothing we already didn't know at 419Eater. If you want good background information about Advance fee frauds, read these:

* Harvey Glickman: The Nigerian “419” Advance Fee Scams: Prank or Peril? (117 kB PDF) http://web.archive.org/web/*/http://...
* Nigeria-Related Financial Crime and its links with Britain (280 kB PDF) http://www.chathamhouse.org.uk/research/africa/...
* Pauline Reich: Advance Fee Scams In-Country and Across Borders (490 kB PDF) http://web.archive.org/web/*/http://...

A note to all readers: Not ll 419 letters floating in the "cloud" are from Nigerians, or involve Nigerians. Nigerians do not have a patent on the art of scam letter writing, or of scamming.

"What is it about greed that turns off the critical faculties of so many?"

cognitive dissonance

@Erik Norgaard: "And then there's the other side: The 419 eaters..."
there is a lot more to read about the "other side" on http://www.scamorama.com ... well worth visiting from time to time...

Has Readers Digest been studying this interview? I just had a very official looking letter, followed by a faked up special delivery envelope full of checks made out to me and more stickers, bar-codes and official looking stamps all over it than a Royal Commission. Maybe not a full blown scam but certainly misleading intent to get me to part with money to sign up for something. What one is committing to is impossible to determine from the materials provided, but presume by putting that cute sticker on the envelope I am signing up for a lifetime subscription to some crap or other,

Interesting that bar-codes are now part of the tricksters tool-bag. These must give people a false sense that this is all being electronically tracked hence a secure and officially sanctioned transaction.

One thing I was struck by: <1% response rate, and only 5% of those give money -- yet it's still profitable enough to support multiple gangs.

If there are all these layers of checking, why is the English in these things things such a joke? Indeed, the same typos pop up over and over again.

I hope that the authorities of Nigeria will do something about this scam Nokia Live promo going on right now. I know from the very start that it was a scam but still i am stupid giving my details. But they have addresses and telephone numbers mentioned in this scam which I don't think exist.

@HUge: Do NOT correct or point out their mistakes. A potential victim may spot them and figure out that this offer isn't real, after all.

We don't want educated scammers.

A while back I posted a room on craigslist looking for a roomate. A scammer answered, and I quickly put it back on the market, but decided to string him along.

He sent 3k in fake money orders. I claimed they never showed up, he sent more. Eventually, I told him the jig was up. I even told him that his money orders sucked, and I had seen better. (I had, from the previous scammer who replied to another ad)

It was amusing. The guy hounded me on IM for a month after that. Kept trying to talk me into helping him, said I would make lots of money.

All he needed me to do, was send out mail from the US, so it would have a US postmark, he would send me everything that I needed. Offered me $500 a box. He also asked if I needed any counterfit US currency.

I tried to get him to agree to cash up front in the box (I would love to get to brag about scamming cash from a nigerian scammer) but, alas, he wasn't giving it up. Too bad.

-Steve

It still shocks me how many people fall for these scams..years past the origin of these and people still fall for it. Just makes no sense at all..

A known person's yahoo account was recently hacked by guessing the password, then they sent emails telling everyone that person was in distress and needed money.

What portion of Western Union money transfers *to Nigeria* are legitimate? If the answer's less than 50% then block them (a law making Western Union etc liable to refund the sender if it turns out to be a fraud would effectively do this).