Scambaiter: Understanding Targeted Nigerian Scams on Craigslist

Advance fee fraud scams, also known as Nigerian scams, have evolved from simple untargeted email messages to more sophisticated scams targeted at users of classifieds, dating and other websites. Even though such scams are observed frequently, the community’s understanding of targeted Nigerian scams is limited since the scammers operate “underground”. In this paper, we focus on fake payment scams targeting users on Craigslist. To better understand this type of scam and the associated scammers, we built an automated data collection system. The system relied on what we term magnetic honeypot advertisements. These are advertisements that are designed to attract scammers but repel legitimate users – similar to how a magnet attracts one side of another magnet but repels the other. Using advertisements of this type, we offered goods for sale on Craigslist, gathered scam emails and interacted with scammers. We used this measurement platform to gather three months of data and perform an in-depth analysis. Our analysis provides us with a better understanding of scammers’ action patterns, automation tools, email account usage and geolocation distribution. From our analysis of this dataset, we find that around 10 groups of scammers were responsible for nearly half of the over 13,000 total scam attempts we received. These groups use shipping addresses and phone numbers in both Nigeria and the U.S. We also identify potential methods of deterring these targeted scams based on patterns in the scammers’ messages and usage of email accounts, which might enable improved filtering of their initial messages by content and email address.
