Advance fee frauds messages – non-declining trend

Author:Bojan Dobovšek
Position:Faculty of Criminal Justice and Security, Ljubljana, Slovenia

Purpose – This paper aims to present some intake on advance fee frauds. Frauds of which frequency of occurrence, despite being long present and people are globally aware of them, still present great danger. Several quantitative and qualitative analyses were done in order to find out how and why these messages actually work. Design/methodology/approach – The paper is based on a literature review, quantitative analysis ... (see full summary)

1 Introduction

Advance free frauds (from now on AFF) are best enraptured in UK National Fraud Reporting Centre's definition, where they define them as a type of frauds, where the aim of the fraudsters is to collect the money, that victim gives voluntary, believing it is “an upfront payments for goods, services and/or financial gains that do not materialize” ( 419 – Nigerian Advanced Fee Fraud, 2012 ). Though these types of frauds have old historical roots (going back to sixteenth century) they become more widespread in 1970, when they were known as Nigerian letter frauds or 419 (as the majority of letters came from Nigeria, and the damage was so great that a number of countries press the Nigerian government to criminalizes such acts. They were criminalized under 419 Section of their criminal code – hence the name 419). Figure 1 summarizes the manner of how AFF work.

The core principle of these frauds is to persuade the victims that they will be richly awarded if they are willing to participate in the business deal/offer, which can also be a form of money laundering ( Lamberger, 2005 ) or even some other crimes. The great number of AFF forms starts out with a simple e-mail message that is massively sent. Those e-mails include numerous of proposal or deals (Table I).

Damages that are caused by these frauds are hard to assess due to the fact that no country, except Nigeria has specifically criminalized such type of frauds. In most of the cases, these acts are prosecuted under the rubric of other fraudulent acts ( 419 Advance Fee Fraud Statistics 2009, 2010 ). The estimates that are available show that damages are great. Ultrascan Research Services, has for some years now investigate and accumulate data regarding Nigerian letter frauds (type of AFFs) and in their conclusion they have stated that, these types of scams are worlds most successful scams, with 41 billion US dollar caused damages (9.3 billion just in 2009) and more then millions of victims ( 419 Advance Fee Fraud Statistics 2009, 2010 ).

We were interested to find out who is targeted, how AFF messages work and why do they work.

2 Analyses of fraudulent letters

The databases that were used for analyses are composed from two different research pools from two different periods. One is product of Slovenian police, it was produced with intention for analyzing some trades of Nigerian letters frauds. It must be warned that this is “not” an official database but a form of additional base, which included extracts from the letters (such as name of the sender, telephone number, amounts of funds, etc.) We added to these base 11 new cases that were found and originate from that period. Second database is our database of messages that we accumulated between January 2012 and September 2012. Message content was copied to a Word file, where we strived to maintain them as formatted and designed as originally intended by senders. Sample identification reference number was added, and we marked who received it and when. If it was possible, we copied contend of the e-mail header as well. 59 new AFF e-mails were received, by either one of the authors, or our colleges. In addition, one private business entity was providing us with such e-mails (Table II).

We used SPSS for quantitative analyses and MAXQDA for qualitative analyses.

2. 1 Some frequencies regarding receipt of messages

First off, we wanted to find out if time of receiving a message has any importance. We have analyzed the frequencies regarding day of the month (to see if fraudster send messages for times when pay checks' are received) and month of the year (if special periods, like winter when more people are at homes or holidays where also more people are at home and more mail is send). Regardless of period there was no specialty. In our first analysis described in our first paper, we notice that there were slightly more messages received in February and November, but we concluded that those more frequent occurrences in mentioned months have no practical significance. With some new messages composing our database similar result were found (Figure 2).

Despite the fact that new samples in the database were not gathered trough the whole year, we still believe that because messages are sent from list of countries and because there is only small oscillation regarding months of recipient, that time of recipient does not play an important part. Messages are being sent constantly no matter the time of the year.

2. 2 Consistency of message content

We first compared newly acquired e-mails with some examples of messages, that were received by various people in 1997-2005 period. Total of 11 messages were compared. We discover that basic narratives of sampled messages did not change trough time. They still include:

  • The a proposal for transfer of questionable funds of huge amount (all amount mentioned are of several million dollars in booth analyzed periods (also pounds and euro appear), with the exception that in average sums and percentage that are offered in messages of new period are higher).
  • Owners of the funds still die from the same reasons (plane crashes, natural disasters, etc.).
  • Or are somehow otherwise parted with their money due to globally know reasons (deposed dictators, corruption, etc).
  • Because the 1997-2005 database is obsolete we have decided to re-examine the basic information in view of newer occurrences. We first conducted primary frequency analysis of the variables in the database. We then compared 20 random senders' names, company names, and e-mails with online fraudulent letter databases that are run and kept by volunteers. We also used Google for searching examples of “when” and in “with what contend” has the name from our database reappeared. Results are shown in Table III.

    We have notice that stories do reappear and so do the names, yet not often in the same combination.

    There are some new narratives that are adjusted to the current world situations1. But in majority of cases we note similar finding that were also find by Schaffer (2012, p. 166) :

    […] individuals of different backgrounds claimed to have access to millions of dollars and offered to give the recipient of the letter some percentage of the wealth for helping dispose of the money in some advantageous way.

    Table IV summarizes “proposal” that were received.

    Thou we previously stated that AFF frauds are mechanized in such manner that victims give money voluntary and that is why no actual personal information is needed, we when analyzing what information is requested in messages, noticed that in messages of newer periods greater number of personal information is demanded.

    As seen from Table V there is limited evidence that messages from newer period ask for more information. The so-called lottery messages are the ones that ask for the most info. Only one message mentions a bank account, but does not ask for any info regarding it. Despite that message actually are not asking for banking information we still cannot say that asked info could not be used for breaching into peoples bank account. Data can be used for identity theft, especial when asked for scan or copy of a document. Such info is also used for future frauds, as we have discovered, when we analyzed a message that was send after one of the recipients replayed. First message did not ask for any information, noir did it state exact “business proposal”. After receiving a replay, fraudsters send another message (only couple of hours past) where he/she did ask for several information and attached copy of “his” passport. We could not confirm if passport picture was in anyway manipulated (“photoshoped”) or if it was a product of previous fraud.

    2. 3 Targeting

    In most of the cases the messages are sent to undisclosed recipients. From 70 messages, only one in the old database was personalized (incorporated receivers first name) and only four in the new database (Table VI).

    In one occasion there was also included the newly acquired; “Dr” title. This indicates that e-mail addresses are striped from the most up-dated databases. We assess the messages with the combination of included name and customized content as the most dangerous and persuasive. There can be seen some instances, where the receiver of messages beside sometimes receiving typical messages occasionally receive some a little more fine-tuned messages that make an appeal to its professional occupation. In our case, there were three messages that go in line with our occupation (academic sphere). Thou there were included in the analysis only once, we have in fact received them multiple times, with only minor changes (different paper or conference). This indicates that senders had or still have access to certain database, where e-mails of researchers and academic are stored. Because one of the authors uses a Gmail account for academic purposes and does not use faculties domain ( and he have received such messages, we can exclude the idea, that customized messages are send only by suffix (.org,.edu. uni, etc.) determinant. Conference proposals are also well designed, incorporating number of details (conference programs, chairs of panes, participants CVs, etc.) and are therefore extremely hard to recognize as fake. We could say that this is a form of spoofing.

    Those employed in business entity received a number of job proposal. Otherwise classic messages (lottery, un-claimed funds, etc.) are sent randomly to all possible e-mail addresses.

    From the era when messages were send in a form of classical mail, address of receivers were acquired from business entities databases, that is legal...

    To continue reading