Cybersecurity In-Depth: Feature articles on security strategy, latest trends, and people to know.
Will Generative AI Kill the Nigerian Prince Scam?
A linguist analyzes whether GPT will improve the notoriously agrammatical scam — or finally render it a thing of the past.
September 20, 2023
It was nearly two decades ago that Weldong Xu, a 38-year-old Harvard professor, was arraigned at Roxbury District Court in Massachusetts. Sitting behind a plexiglass barrier, wearing a leather jacket and large, thin-rimmed aviator glasses, he faced a cash bail of $600,000.
Xu had taken in a six-figure sum by promising 35 of his friends, students, and associates that he was raising money for SARS research. One of those 35 even remortgaged his house to help out. But in the end, Xu sent the entirety of it to Nigerian email scammers.
The Harvard professor never received the $50 million he was promised in return. In the years since, his story has served as a parable for those who think they're too smart to fall for a simple scam.
Intelligence on its own isn't enough, and nothing we've tried in the past 20 years — spam filters, phishing awareness initiatives, or the maturity that comes with more collective time and experience spent with the Internet — has managed to keep people from falling for this oldest trick in the book.
As recently as 2019, according to ADT, Americans lost over $700,000 to Nigerian Prince scams (heretofore referred to by the less culturally charged name "advance-fee fraud"). And businesses aren't immune, either. Abnormal Security earlier this month reported tracking over 1,000 advance-fee attacks targeting organizations, from around 70 unique email domains.
"My name is Mrs. Rita Dominic, a citizen of India based in my adoptive Country Ivory coast. Actually I am in the hospital due to my cancer sickness and made me contact you regarding this vow."
The problem is only going to get worse. Criminals are already adopting generative artificial intelligence (AI) to write more convincing stories with better grammar and at a scale never before achievable.
Or maybe that won't make one bit of difference. Maybe the very qualities that make generative AI so useful for other phishers will finally render advance-fee scams a thing of the past.
How the Advance-Fee Scam Works
One need not dig too deeply into one's own inbox to find an example of an advance-fee email.
"I got one this morning," says Deborah Schaffer, Professor of English Emerita from Montana State University Billings. "It was a nice bit of serendipity [before this interview]."
In 2012, Schaffer published a study on the linguistic features of advance-fee emails, which in the decade since have not changed one iota. The premise is familiar: There's a large sum of money somewhere, and for a small upfront fee the lucky recipient of the email can help the writer obtain it and then share the windfall.
"The content is usually explaining just enough about the sender's situation to make it sound like it could be really important," Schaffer explains.
"I have an urgent project donation which is 5.5 million us Dollars."
"There's always an element of urgency — 'please respond immediately,' that kind of thing," she continues. "Government officials, secret bank accounts — 'we need help to get this money out of the country or invest in your country.' They almost always apologize for intruding on the reader's attention, but they have something that's too good to pass up. The salutation is always polite, sometimes overtly appealing to certain interests, like religious interest."
This same basic structure has worked since long before the Internet.
"It's too easy for people to say, 'Well, I don't have to say yes. I'll just ask for some more information.' And once they do that, they've opened the door to all kinds of persuasive strategies that will work on a lot of people unless they're constantly on their guard," Schaffer explains.
"And I want to hand over this project to you if you can reach me back since my situation here in the hospital can't allow me to proceed on this divine project"
"But," she adds, "a lot of these letters — and here's where I'm thinking AI is going to change things — they're just dead giveaways that they're not written by native English speakers."
How Generative AI Could Boost the Advance-Fee Scam
Like many, Schaffer sees ChatGPT as an inflection point in history.
"I'm convinced that generative AI is going to affect everything — every form of communication, every way that people think about the world and communicate with one another," the lifelong English scholar predicts.
For all of its positive uses, AI chatbots are already enabling cybercriminals to write more convincing phishing material more quickly. Folks like "Mrs. Rita Dominic" stand to greatly benefit.
"I've gotten emails from people who say that they're in England or Australia, and they're clearly not native speakers of English. Those are just enough red flags to make readers pause and say, 'Wait, is this legitimate?'" Schaffer explains.
Soon, though, that red flag will be concealed.
"I suspect AI is going to clean up everything," she says. "You're going to see things written consistently in good English and polish matching your own dialect."
Likely as this sounds, however, it isn't necessarily a given that better writing would actually aid advance-fee scammers at all.
"And I will hope to hear from you as soon as you receive this mail for more procedures. Assure me that you will act accordingly as I Stated herein. Hoping to receive your response immediately with your full contact information"
Will Generative AI Actually Help Scammers at All?
Two months after Schaffer's paper was published, another paper offered a different view of advance-fee linguistics. In "Why do Nigerian Scammers Say They are from Nigeria?" a Microsoft researcher posited that the obviousness of the scam is actually the point of it.
"An email with tales of fabulous amounts of money and West African corruption will strike all but the most gullible as bizarre," the researcher wrote. But this, he suggested, was intentional.
"Since [t]his attack has a low density of victims the Nigerian scammer has an overriding need to reduce false positives. By sending an email that repels all but the most gullible the scammer gets the most promising marks to self-select, and tilts the true to false positive ratio in his favor."
By this logic, any errors, oversights, or other red flags in the content of an advance-fee email may only serve to filter the scammer's targets, making their job more efficient. Thus, AI's promise of cleaner prose and better storytelling may not even be a net positive.
For her part, Schaffer doesn't entirely buy into that line of reasoning.
"It's a very persuasive theory," she says. "I kind of buy it, but at the same time, I think a lot of the scammers are doing their best, and they just aren't experts at language manipulation and mastery of English."
Whether, in the end, generative AI completely revolutionizes or completely bypasses the advance-fee scam, the way we'll all have to deal with it will be the same. "People need to learn more about the kinds of scams that they're going to get in whatever form, and strategies for vetting them," Schaffer emphasizes.
"Thanks to your sister in Christ"
"If there's been a time when education for the whole world has been more vital, I don't know when it was. Right now we all need to learn how to protect ourselves," she concludes.
About the Author
You May Also Like
Transform Your Security Operations And Move Beyond Legacy SIEM
Nov 6, 2024Unleashing AI to Assess Cyber Security Risk
Nov 12, 2024Securing Tomorrow, Today: How to Navigate Zero Trust
Nov 13, 2024The State of Attack Surface Management (ASM), Featuring Forrester
Nov 15, 2024Applying the Principle of Least Privilege to the Cloud
Nov 18, 2024