Wednesday, February 26, 2014

As the Internet has grown and evolved, so has the volume and sophistication of online scams designed to fleece people of their goods and money.

One pervasive problem involves overseas “buyers” contacting people in the U.S. that are selling jewelry, smartphones, computers or auto parts on popular websites like Craigslist. Seemingly legitimate, these buyers will often offer a higher price than the item is advertised for, hoping to persuade the seller to ship the merchandise before fraudulent money orders or fake PayPal accounts are uncovered.

A multi-institutional team of cybersecurity experts that includes a University of Maryland computer scientist spent much of last summer investigating these online rip-offs, which are known as Nigerian advance fee or “419” scams. (The 419 designations represent a section of the Nigerian criminal code that deals with this type of fraud.)

The results of their three-month study, be presented Feb. 26 at the 2014 Network and Distributed System Security Symposium in San Diego, Calif., offers a detailed look into this nefarious world of digital thievery.

“We were looking for information on the scammers’ work patterns, their specific locations even if they were disguised by fake IPs, their online vocabulary in setting up these scams and any other unique, identifiable traits,” says Elaine Shi, an assistant professor of computer science in the Maryland Cybersecurity Center and a co-author of the report.

Shi, who also has an appointment in the University of Maryland Institute for Advanced Computer Studies, worked to design an automated collection system for the data.

Others involved with the project include Youngsam Park, a Maryland computer science graduate student advised by Shi; Damon McCoy, an assistant professor of computer science at George Mason University; Jackie Jones, a graduate student at George Mason; and Markus Jakobsson, a senior director at Qualcomm and noted online fraud expert.

To get their data, the research team placed carefully worded “honeypot” advertisements on 20 Craigslist sites across the U.S. These ads were designed to attract scammers but repel legitimate buyers by offering goods that were seemingly overpriced—a used iPad that was listed at a price equivalent to a new one, for example.

The researchers felt the scammers wouldn’t shy away from the higher price since they didn’t intend to pay anyway.

From the 1,300-plus online ads posted, the research team catalogued and analyzed more than 13,000 responses. Their data tracked everything from how the scammers worded their initial inquiries, to the follow-up emails between seller and buyer, to using sophisticated algorithms to identify specific locations worldwide that were a hotbed of scammer activity.

One interesting find, Shi says, was that the scammers were not as widely scattered as the researchers had anticipated and that they, as a rule, did not act independently of each other.

Data showed that more than 50 percent of the scams originated from approximately a dozen locations in Nigeria that the team identified as “scam factories.”

Ultimately, the researchers hope their findings will be used for recommendations that consumers can follow to lessen their chances of getting ripped off.  Other data could be used by international authorities tasked with trying to shut down the Nigerian scam factories.

To download the full report, go to http://www.cs.gmu.edu/~mccoy/papers/scambaiter.pdf

Contact: Tom Ventsias, 301-405-5933