Inside the scam jungle: a closer look at 419 scam email operations

Abstract419 scam (also referred to as Nigerian scam) is a popular form of fraud in which the fraudster tricks the victim into paying a certain amount of money under the promise of a future, larger payoff.Using a public dataset, in this paper, we study how these forms of scam campaigns are organized and evolve over time. In particular, we discuss the role of phone numbers as important identifiers to group messages together and depict the way scammers operate their campaigns. In fact, since the victim has to be able to contact the criminal, both email addresses and phone numbers need to be authentic and they are often unchanged and re-used for a long period of time. We also present in detail several examples of 419 scam campaigns, some of which last for several years - representing them in a graphical way and discussing their characteristics.

[1]  Aurélien Francillon,et al.  The role of phone numbers in understanding cyber-crime schemes , 2013, 2013 Eleventh Annual Conference on Privacy, Security and Trust.

[2]  Lotfi A. Zadeh,et al.  A COMPUTATIONAL APPROACH TO FUZZY QUANTIFIERS IN NATURAL LANGUAGES , 1983 .

[3]  Michalis Vazirgiannis,et al.  On Clustering Validation Techniques , 2001, Journal of Intelligent Information Systems.

[4]  Leyla Bilge,et al.  Industrial Espionage and Targeted Attacks: Understanding the Characteristics of an Escalating Threat , 2012, RAID.

[5]  F. Boutin,et al.  Cluster validity indices for graph partitioning , 2004 .

[6]  Vicenç Torra,et al.  Modeling decisions - information fusion and aggregation operators , 2007 .

[7]  Gang Zhao,et al.  Knowledge-Based Information Extraction: A Case Study of Recognizing Emails of Nigerian Frauds , 2005, NLDB.

[8]  Mountaz Hascoët,et al.  Cluster validity indices for graph partitioning , 2004, Proceedings. Eighth International Conference on Information Visualisation, 2004. IV 2004..

[9]  Vicenç Torra,et al.  The weighted OWA operator , 1997, Int. J. Intell. Syst..

[10]  Frank Stajano,et al.  Understanding scam victims , 2011, Commun. ACM.

[11]  Marc Dacier,et al.  A strategic analysis of spam botnets operations , 2011, CEAS '11.

[12]  L. Shapley A Value for n-person Games , 1988 .

[13]  Angelos D. Keromytis,et al.  An Analysis of Rogue AV Campaigns , 2010, RAID.

[14]  G. Choquet Theory of capacities , 1954 .

[15]  Michel Grabisch,et al.  A decade of application of the Choquet and Sugeno integrals in multi-criteria decision aid , 2010, Ann. Oper. Res..

[16]  Olivier Thonnard,et al.  Vers un regroupement multicritères comme outil d'aide à l'attribution d'attaque dans le cyber-espace. (A multi-criteria clustering approach to support attack attribution in cyberspace) , 2010 .

[17]  Stefan Savage,et al.  Spamscatter: Characterizing Internet Scam Hosting Infrastructure , 2007, USENIX Security Symposium.

[18]  菅野 道夫,et al.  Theory of fuzzy integrals and its applications , 1975 .

[19]  Cormac Herley,et al.  Why do Nigerian Scammers Say They are From Nigeria? , 2012, WEIS.

[20]  Aurélien Francillon,et al.  Inside the SCAM Jungle: A Closer Look at 419 Scam Email Operations , 2013, IEEE Symposium on Security and Privacy Workshops.

[21]  Feng Qian,et al.  Botnet spam campaigns can be long lasting: evidence, implications, and analysis , 2009, SIGMETRICS '09.

[22]  Michel Grabisch,et al.  K-order Additive Discrete Fuzzy Measures and Their Representation , 1997, Fuzzy Sets Syst..

[23]  Jude Oboh,et al.  Nigerian Advance Fee Fraud in Transnational Perspective , 2010 .

[24]  Ronald R. Yager,et al.  Quantifier guided aggregation using OWA operators , 1996, Int. J. Intell. Syst..

[25]  Grzegorz Kondrak,et al.  N-Gram Similarity and Distance , 2005, SPIRE.