I've been exchanging thoughts with ESET Ireland's Urban Schrott on the surprising longevity of the 419 scam, despite the frequently stereotypical nature of this lo-tech exercise in social engineering.Part of the problem, of course, is the difficulty of persuading people that “if it sounds too good to be true, it's probably too good to be true,” and that “something for nothing” is likely to turn out to be a way of getting nothing for something. Sometimes that “something” can be quite substantial, too: one individual is reported to have defrauded the firm of lawyers she worked for of near enough a million dollars in the expectation of getting that and much more back in the end, with which to top up the petty cash.
Well, you might find it hard to feel too much sympathy for lawyers, and might even see a certain irony, given how many 419 scammers claim to be lawyers (or bankers, or the widows of dictators, or other sympathetic characters). You might also wonder how a prominent psychologist and neuroscientist managed to lose $3 million over a 10-year period.
But, in the course of that exchange of email with Urban, it occurred to me to wonder if it might help if some of the countries most associated with various forms of advance fee fraud (AFF) would take it a little more seriously. I'm thinking, of course, of Nigeria, which has been the source of at least two of the common names for this kind of scam. To be precise, the “Nigerian” scam or 419: the number refers to the section of Nigeria's criminal code addressing the obtaining of property under false pretenses. So at least there seems to be an applicable law. But according to Dr. Nnaemeka Ewelukwa, a senior teaching fellow at the University of London, only the Advance Fee Fraud and other Fraud Related Offences Act 2006 specifically deals with internet crime, and only in terms of the regulation of ISPs and cybercafés. A cybercrime bill that recently failed to find approval by the National Assembly is apparently just the latest of many that were intended to plug that gap. According to Dr. Ewelukwa, a number of cybercrimes are simply not punishable under Nigerian law at present, including hacking, spamming and identity theft.
The 419 Coalition website claims that 419s may be the third largest industry in Nigeria, and that the formerly quite effective Economic and Financial Crimes Commission (EFCC) became much less effective after 2008, when its leadership changed. Perhaps with the recent return of Ibrahim Lamorde as director of operations, we'll see a return to some EFCC anti-419 crusading. At any rate, if the EFCC's recently-presented bill – also addressing internet crime – fares better than its recent predecessors, we may yet hope that at least one source of flooding might reduce to a trickle. Unfortunately, however, the days when nearly all 419-type scams originated in West Africa are long gone.
