The Nigerian Prince Scam is one of the oldest tricks in the Internet playbook, but appears to be targeting small businesses in the age of social media.
If you have been around long enough to witness the rise and fall of Tech trends, you know that the Nigerian Prince email scam is a strong contender for the oldest hustle on the Internet. It has literally been decades since the first of its kind was circulated among a slew of those privy to email correspondence.
If you have yet to encounter such an email yourself, its basic premise is something of an online quid pro quo: That is, if you send the messenger something of (monetary) value, you, the recipient, are promised a sizable sum of money. You’d be surprise to know that this Nigerian Prince scam (and its many iterations) still trips up most gullible users, despite increased awareness and a maturing Internet population.
But make no mistake: The tactics of these online scam artists have evolved in near-lockstep with the privacy and security mechanisms provided by our favorite email clients. The following attributes do not only the represent the “new face” of the Nigerian Prince scam, but underscore why it remains a formidable challenge in a progressing online society.
Better organized groups
At present, the Nigerian Prince scam is largely carried out by cult-like organizations in West Africa. Each of these groups have their preferred platforms and attack vectors for repeating success, sharing information, and quickly adapting when certain schemes prove to be fruitless. One well-known gang in this sector of cyber crime is the Yahoo Boys, described as “undergraduate con men” that target users of Yahoo’s mail services.
Better tailored attacks
In the past, scammers would send the exact same email to a multitude of addresses in hopes of someone taking the bait. The effectiveness of this approach quickly dwindled and may very well be obsolete by today’s standards. Scammers nowadays have been known to carry out strategies of hawkish proportions: Plans that take weeks to organize with the assistance of keyloggers and other simple programs that are embedded in the emails they send to unsuspecting victims. The account credentials they are able to lift are used to exploit users both socially and financially, and to engineer attacks against them in the future.
Different target demographic
Also in the past, the likely targets of a Nigerian Prince scam were those “less-than-tech-savvy” grandparents with little-to-no idea of how wicked a place the Internet can be. These days scam artists seem to be targeting businesses, and smaller businesses are more prone to fall victim of a Nigerien Prince scam. As described above, attackers and scam artists have become far more sophisticated in their approach. The resultant scam could be as simple as pretending to be a member or employee of a company just to initiate some form of monetary payment.
Nigerian Prince Scam 2.0: A Change in the Script
As previously mentioned, the Nigerian Prince scam has many variations and is no longer restricted to the pretense of aristocratic persons. A differently-worded email might involve an employment opportunity in which the logo, letterhead and contact details of a reputable organization or individual are used. This is done to create a sense of authenticity and to encourage users to expedite their information—sometimes even their money for resume writing and other clerical services. A more obvious variation, however, is the lottery notification email. This scam prompts users for their personal information (and fee) to receive random lottery winnings. Many sectors of the Internet, including health and online dating services, have seen countless variations of the Nigerian Prince scam.
You’d think that by now most individuals would be able to spot a Nigerian Prince scam, and that decreasing its effectiveness should be fairly straightforward. Unfortunately, this isn’t always the case. As users of both email and Internet, our primary duty is to exercise caution when sending our information and money online. Even simple antivirus (AV) programs can help prevent key loggers and other malicious programs from invading your computer and mobile devices. Businesses, however, are advised to use security measures like multi-factor authentication, so that even if their user credentials are compromised, they will be alerted when scammers attempt to access their business accounts.
Click the image below for a modern example of a Nigerian Prince scam email: