Nigerian prince email scams — also called 419 scams — are some of the oldest forms of cyber-attacks around. It’s easy to think that they’re just old news, now more the punchline of a joke than something that could actually happen. But the truth is, these scams continue to be highly successful. In fact, Americans lost $703,000 in 2018 by falling for them.
How they work
The most famous examples usually involve a too-good-to-be-true investment opportunity or an urgent plea to help get money out of the country in exchange for a piece of the sum. However, as people started to catch on to the scam, the scenarios they scammers use began to change.
But in whatever form, 419 scams generally follow a specific format. It starts when the victim receives an email (and more recently texts) out of the blue. The scammers will quickly try to build the trust of the victim, sometimes using official-looking documentation or even impersonating someone you know, with the goal of eventually getting the victim to disclose their bank account number and other personal information. At this point the scammers can access the bank account and withdraw any amount of money they want.
The Better Business Bureau highlights a few of the most common form these scams take today:
Beneficiary of a will
In this case, the victim receives an email claiming they were named the beneficiary of some long-lost relative who has left them large sums of money or valuable property. The email will request personal information to confirm the victim’s identity and of course ask for bank account information so they can transfer over the funds.
Fake cashier’s checks – targeting online sellers
In this variation, a person selling something online is contacted by someone who wants to purchase an item. The scammer then “accidentally” sends a (fake) cashier’s check or money order for far more than the agreed upon price and asks the seller to transfer back the difference. Often, the scammer will claim they urgently need their money back so the seller will transfer the money before the bank can verify the check is a fake.
Lastly, this scam involves the victim receiving a request for a donation to help fight against a corrupt government or violent group of criminals. The email will specify how urgent the need for money is and so request a money transfer for more immediate help.
Why they’re so successful
Given how widely known this type of scam is, it’s a bit of a wonder that people continue to fall for it. But along with the fact that they’ve changed up the scenarios there are a couple of good reasons they continue to work. After all, they wouldn’t be so common if they weren’t successful.
Scammers are highly organized
We often think of scammers as some loner hunched over their computer in a dark room. But when it comes to 419 scams, there are entire organized crime circles devoted to carrying out these attacks. A 2019 CrowdStrike report breaks down how these scams are structured. At the top, a crime boss directs an entire team of “spammers, catchers, and freelancers” to carry out various aspects of the attack. “Spammers acquire email lists and operate advanced mail systems. The catchers monitor the responses to the spam campaigns and make first contact with victims….in order to advance the scam. Freelancers perform additional duties such as…acquiring and developing infrastructure and creating fake documents.”
They exploit social vulnerabilities
Instead of looking for technical vulnerabilities to plant malware or other malicious software, the scams instead focus on our social vulnerabilities. Simply put, they look for ways to play on our emotions.
In some cases, they’ll try to pray on our greed. In other cases, they try to make us feel like a hero. As social psychologist Dr. Frank McAndrew explains, “we get the opportunity to feel good about ourselves by helping another person in need…After all, what could be more noble than helping an orphan in need or helping some poor soul recover money that rightfully belongs to them in the first place?”
They start small
Another way these scams work is by starting with small requests. Often the scammer won’t ask for much at first, but over time will claim they need more and more. And there are even psychological reasons this is so effective. In an article for Psychology Today, McAndrew writes, “Changing course is cognitively difficult because not only is it an admission of a bad decision, it also means giving up any hope of recouping our losses.”
Even if it’s not from a Nigerian prince, reports show that email scams are on the rise. Not only could they lead to financial loss but could even expose the sensitive information of you and your company. That’s why it’s important to learn to identify these scams in all there forms and be extra cautious about anyone —even if it comes from someone you know— asking you to send money or other personal information over email. Taking the extra time to verify what’s really going could be what saves you from getting tricked.
Also published on Medium.