False positives cause many promising detection technologies to be unworkable in practice. Attackers, we show, face this problem too. In deciding who to attack true positives are targets successfully attacked, while false positives are those that are attacked but yield nothing.
This allows us to view the attacker’s problem as a binary classiﬁcation. The most proﬁtable strategy requires accurately distinguishing viable from non-viable users, and balancing the relative costs of true and false positives. We show that as victim density decreases the fraction of viable users than can be proﬁtably attacked drops dramatically. For example, a 10× reduction in density can produce a 1000× reduction in the number of victims found. At very low victim densities the attacker faces a seemingly intractable Catch-22: unless he can distinguish viable from non-viable users with great accuracy the attacker cannot ﬁnd enough victims to be proﬁtable. However, only by ﬁnding large numbers of victims can he learn how to accurately distinguish the two.
Finally, this approach suggests an answer to the question in the title. Far-fetched tales of West African riches strike most as comical. Our analysis suggests that is an advantage to the attacker, not a disadvantage. Since his attack has a low density of victims the Nigerian scammer has an over-riding need to reduce false positives. By sending an email that repels all but the most gullible the scammer gets the most promising marks to self-select, and tilts the true to false positive ratio in his favour.
Therefore, Nigeria are having their e-mail privaleges revoked.
The great majority of these scams seem to originate really from Nigeria, even though they pretend to come from other origens such as Philipines, Congo, Zimbabwe and others. In some cases, it has been shown that the mails have been sent from the United States or Great Britain.
The volume of the fraud is staggering: The US Secret Service estimates a yearly loss of over 100 million dollars to this kind of scam, and opened a local branch in Lagos, Nigeria to combat the crime. Great Britain estimates 13 million dollars of loss, yearly. Some organizations estimate this scam to be Nigeria's second source of national income