After receiving a question from a client about a recent scam email, we thought it would be appropriate to address the topic of the “Nigerian Prince”, “Spanish Prisoner” or “419” letter and why it is still relevant in 2020.
The type of fraud employed in these scams is known as an “advance-fee scam”. The scam lures its victims in with promises of riches. The only stipulation: provide a small investment upfront to later receive a much larger payout. This trap can continue to be successful by taking advantage of the “sunk cost fallacy”: the victim has already invested so much money into the scheme that they continue in hopes that eventually they will see their return.
The history of this scam dates back hundreds of years to the French Revolution. A letter would arrive at the door of an unsuspecting victim describing how a well-to-do Frenchman was taken as a Spanish Prisoner just prior to being able to retrieve the treasure trove of jewels, gold, and other valuables that they were hiding prior to their capture. The Spanish Prisoner would then ask their victim to send money so that they could be freed, and upon gaining freedom the victim would be paid back in full. This story has continued to evolve over the years. Now, this story primarily takes shape in the form of a Nigerian Prince who needs assistance to reclaim their wealth. Other scams of a similar nature include bogus job offers, cash-handling scams, lottery scams, online sale scams, pet scams and mobile tower installation scams.
This begs the question: “It’s 2020! Why does this still work!?” The answer is simple – it is the perfect story. There is logic to the scammer’s argument. Those who are down on their luck, have a certain naivete, or have an unsubdued level of greed are easy wins for the scammers. We can all relate to the idea that someone has experienced a level of hardship, so we want to be the hero. It doesn’t hurt if we get a little kickback at the end of it, does it? Just like any social engineering scam you may see in cyberspace these days, it tugs on the individual’s emotions in a way that seems genuine.
So, what can we do to prevent ourselves, our users/employees, or our organizations from falling victim to these types of scams? Employ a solid security awareness training program that includes social engineering, phishing, and good internet hygiene as topics. The best way to defeat scammers is a healthy suspicion that the individual on the other side of the screen, on the phone, or standing right in front of you may not be who or what they say they are. Users who receive such scam emails should notify their organization’s IT or Information Security department(s) so that the emailer’s domain can be investigated and reported or registered as spam as necessary.