# projects

## Understanding Persuasion in Fraud Transcripts

An interesting question about a lot of advance-fee and other fraud, where the victim has to trust a relative stranger, is how exactly the conman persuades the victim to do this. Of course, there is usually a case of material interest presented to the victim, but this isn't a sufficient explanation -- people know scams exist, may even have been scammed before themselves, but still are talked into handing over money. From a linguistic and psychological perspective, this is interesting for building detection systems and coming up with intervention strategies.

### Literature Review

The scope is constrained to advance-fee fraud emails and the important elements of their content, victims and perpetrators as they pertain to the persuasion of the victim. The lack of standard terminology is unhelpful -- authors will refer to 'spam' or 'phishing' and sometimes include advance-fee fraud.

• Rusch, 1999 The 'social engineering' of internet fraud.

The author uses Cialdini as the model for understanding online fraud, and discusses one pertinent example from early Yahoo email history: users were contacted about having won a 56k modem, and had to provide card details in order to pay a small shipping cost. The author identifies the use of false authority and reciprocity.

• Smith et al., 1999 Nigerian advance fee fraud.

Describes the advance fee format, operating as handwritten letters "or, recently, electronic mail". They mention the interactions being activity of 'questionable legality' for the victim, acting as cover that prevents victims reporting losses to the police, along with the usual shame over gullibility. They mention this as contributing to re-victimisation. The political background of Nigeria is mentioned as providing plausibility for the stories of discovery and discreet removal of funds from Nigeria. Contains an example of a threat of violence, victims carrying out crime to send funds to Nigeria, and an old scam from 1840s Australia.

• Buchanan & Grant, 2001 Investigating and prosecuting Nigerian fraud.

Summarises Nigerian fraud as it relates to US law enforcement, with a primitive typology of the fraud itself. Discusses some of the US organisation behind anti-fraud activity (the Secret Service), and reports in detail on three cases, summarising some prosecution and disruption difficulties.

• Duffield & Grabosky, 2001 The psychology of fraud.

Discusses the motivations behind fraud of different types, including electronically-mediated advance fee fraud. Greed/dishonesty, but also financial strain, power-hunger, professional pride, manufactured justifications (just deserts rationalisations) and support from cultural context (everyone's doing it). Online mass-market fraud in particular highlighted as reducing the required level of callousness (lack of social cues reducing influence of social norms and constraints) compared to personal fraud which requires a lack of remorse, possibly an antisocial personality disorder marked by impulsiveness, victim-blaming and 'dog-eat-dog' rationality.

• Grabosky & Duffield, 2001 Red flags of fraud.

Builds on Duffield & Grabosky, moving from motivations to indicators. Suggestions for mass-market fraud include "too good to be true" offers, discounts for finding other members, some references to Australian scam information sites (no longer online). Generally pushes consumer awareness of fraud variants, and 'patrolling' the internet for examples.

• Langenderfer & Shimp, 2001 Consumer vulnerability to scams, swindles and fraud: A new theory of visceral influences on persuasion.

References a number of salient fraud examples (Albanian collapse, Chinese violence, customs scams) and prior work by the AARP on vulnerability factors. These studies seem hard to find, so their summarised results:

• AARP, 1994: "the U.S. Office of Consumer Affairs has estimated that 85% of all consumers have been deceived, defrauded, or cheated in some manner."; 957 participants were investigated to shed light on consumption of elderly consumers. The primary contribution was a 'vulnerability index' measuring the extent to which consumers were theoretically vulnerable, with four subscales: (a) knowledge of sources of information for consumer problems; (b) knowledge about consumer rights; (c) openness to appeals from marketers; (d) knowledge of misleading sales practices, though none of these were gathered for actual fraud victims.
• AARP, 1996a: 745 telemarketing fraud victims were examined on a demographic and behavioural basis. "A roster of victims was obtained from lists maintained by the swindlers themselves and shared with AARP by law enforcement. Although victims were often affluent and socially active, they were also found to be unable to tell a legitimate offer from a scam and to lack the ability to hang up on telemarketers. Additionally, although victims were found to be generally socially integrated, they were more likely to live alone than older Americans in general, and also less likely to seek advice on financial matters than nonvictims"
• AARP, 1996b: focus groups with victims and non-victims about behaviour. Suggests that nonvictims will hang up on telemarketers, but victims will not. The three types of victims suggested are (a) repeat victims unable to distinguish scams, (b) those wary of telemarketers but unable to control the situation when they stay on the line and (c) those who have become cautious through exposure.
• AARP, 1996c: 865 Americans over 50, surveyed for incidence of telemarketing (over half report an attempt at least once a week).

This paper itself highlights the use of victim response as pre-selection for a scammer, and some of the processes involved. Note that of the two possibilities

1. Scam victims carefully evaluate an offer but fail to notice the scam.
2. Scam victims do not carefully evaluate an offer and don't consider the possibility of fraud.

There is evidence for both -- some victims cannot distinguish between legitimate and illegitimate transactions even when called to careful scrutiny. At the same time, scammers clearly make use of 'visceral influences' (i.e. greed, desire, pity) and prior studies find this an important dimension. The authors apply the ELM in a model whereby a victim either does not pay attention to the message and is motivated by peripheral causes, or pays a lot of attention to the visceral reward offered rather than dubious elements, and is again motivated by peripheral causes. The two cases are causally similar, but the model distinguishes between vulnerability under low motivation (low attention) and under high motivation (distracted).

The authors survey 69 offices from the Better Business Bureau, who in open-ended responses perceived victims as being elderly (65.8%), poor (36.9%), lonely (20.5%), trusting (17.8%), of limited education (16.4%), young (16.4%), greedy (12.3%), desperate (9.6%), gullible (9.6%), single mothers (9.6%) and fantasy prone (6.8%). Opinion on closed characteristics largely agrees -- officials think of victims as trusting, gullible, fantasy-prone, elderly, greedy and lonely. They suggest as factors for further study: (1a) low-reward scams, (1b) high-reward scams, (2) social isolation of victims, (3) cognitive impairment, (4) gullibility, (5) 'Consumer Susceptibility to Interpersonal Influence' (CSII), (6) Skepticism and (7) Scam knowledge, hypothesising 2-5 as causing greater response to low-reward scams, 6&7 causing less response, and none affecting high-reward scams except for (8) self-control.

• Suggests blocking outgoing email fraud at the ISP level, for their own interests. Discusses source problems in Nigeria, references to official corruption in the solicitation emails. A survey of X-Originating-IP headers in 1000 emails found 12% spoofed or untraceable, 4% from webmail and the remainder gives:

| Count | % | IP Location |
|-------|-----|-------------|
| 325 | 37% | Specific Nigerian ISPs |
| 262 | 30% | Satellite providers to Nigerian ISPs |
| 131 | 15% | Netherlands |
| 82 | 9% | West African countries |
| 32 | 4% | USA |
| 25 | 3% | South Africa |
| 26 | 3% | Europe excl. Netherlands |

Edelson refers to scammers using contact details (telephone and fax) which change over an operation, as well as websites mimicking banks or other organisations. Satellite providers are their main ISPs. Mentions scambaiting on Scamorama, suggests this might be a good solution. Also mentions email account compromise by hacktivists.
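
A header survey of the kind described above can be run over a mail sample along these lines. This is an added example, not code from this page or from the surveyed paper; the sample messages, the `NETWORK_LABELS` map (a stand-in for a WHOIS or GeoIP lookup) and the category names are constructed assumptions.

```python
import email
import ipaddress
from collections import Counter

# Constructed sample messages, not taken from the survey. Public-looking
# addresses use the RFC 5737 documentation ranges.
SAMPLE_MESSAGES = [
    "From: a@example.com\nX-Originating-IP: [192.0.2.15]\nSubject: URGENT\n\nbody",
    "From: b@example.com\nX-Originating-IP: 10.1.2.3\nSubject: hello\n\nbody",
    "From: c@example.com\nSubject: header missing\n\nbody",
    "From: d@example.com\nX-Originating-IP: [198.51.100.7]\n\nbody",
    "From: e@example.com\nX-Originating-IP: [999.1.1.1]\n\nbody",
    "From: f@example.com\nX-Originating-IP: [203.0.113.200]\n\nbody",
]

# Hypothetical map from network to label; a real survey would consult WHOIS
# or GeoIP data here instead.
NETWORK_LABELS = {
    ipaddress.ip_network("192.0.2.0/24"): "isp-a",
    ipaddress.ip_network("198.51.100.0/24"): "webmail",
}

# Address space that cannot be traced back to a sending network.
UNROUTABLE = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16",
)]


def originating_ip(raw_message):
    """Return the X-Originating-IP as an address object, or None if the
    header is absent or does not hold a valid address."""
    msg = email.message_from_string(raw_message)
    value = msg.get("X-Originating-IP")  # header lookup is case-insensitive
    if value is None:
        return None
    try:
        # Many mail services wrap the address in square brackets.
        return ipaddress.ip_address(str(value).strip().strip("[]"))
    except ValueError:
        return None


def classify(raw_message):
    """Assign one message to a survey category."""
    addr = originating_ip(raw_message)
    if addr is None or any(addr in net for net in UNROUTABLE):
        return "untraceable"
    for net, label in NETWORK_LABELS.items():
        if addr in net:
            return label
    return "unmapped"


def tally(messages):
    """Return {category: (count, rounded percentage)}, largest first."""
    counts = Counter(classify(m) for m in messages)
    total = sum(counts.values())
    return {label: (n, round(100 * n / total))
            for label, n in counts.most_common()}


if __name__ == "__main__":
    # X-Originating-IP is a non-standard header written by the submitting
    # mail service and is not authenticated, so the counts are indicative.
    for label, (count, pct) in tally(SAMPLE_MESSAGES).items():
        print(f"{count:>3} {pct:>3}% {label}")
```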

• Dutton & Shepherd, 2004 Confidence and risk on the Internet. TODO [locate]

• Dixon, 2005 Nigerian cyber scammers.

Newspaper article, reporting on an interview with an ex-scammer, 'Samuel'. Seems to be a source for a number of anecdotes about scam operations, including:

• Nigerians painting 'house not for sale' on their homes when vacationing.
• Email scammers prefer hitting Americans, have specific support infrastructure. 'Maghas' are greedy and complicit.
• 'I Go Chop Your Dollar' (Osofia) is a scammer anthem
• Lack of remorse
• Send 500 emails a day, with return of 7 (1.4%) (later figures of 23-40 victims a month show either much lower average output or lower turnover; that rate would mean an average of only 135 emails/day)
• "When you get the reply, it's 70% sure you'll get the money." (so 4.9/500 ~= 1% of sent email returns profit).
• Scammers happy to spend months working on $1000 returns due to economic disparity and multiple leads.

Nothing particularly revelatory, but citable source for inside information.

• Dyrud, 2005 I brought you a good news: An analysis of Nigerian 419 letters. TODO

• Barron, 2006 Understanding Spam: A Macro-textual analysis. TODO

• Provides an overview of advance-fee fraud, with examples and variants such as the bounced cheque refund. Reports on internet fraud rising between '97 and '98 (writing in 2006), the role of email in displacing mail & fax. Ties Cialdini's principles to advance-fee fraud through argument, focusing on authority, reciprocity and scarcity.

• Approaches advance-fee fraud in (n=97) emails from a rhetorical analysis background. Describes three broad forms of scam plot (bank with deceased client, relative of deceased, help donate) [I'm surprised the author didn't see more variants than this in 97 emails]. The sample was mostly (32%) from Nigeria, and 54% come from Nigeria, Benin, Ghana, Ivory Coast or Burkina Faso. Kienpointner identifies the obvious appeal to quick and easy wealth (which they label argumentum ad avaritiam because apparently it's important to have some Latin to throw around), appeals to compassion (ad misericordiam) and appeals to religious authority (ad verecundiam). The figures were

| Fallacy | Count | % |
|---------|-------|-----|
| avaritiam | 77 | 79% |
| misericordiam | 15 | 15% |
| verecundiam | 5 | 5% |

They also analysed the presence of various suspicion-reduction strategies, such as anticipating the surprise of the recipient, stressing that this isn't a hoax, referencing external evidence, stressing their trustworthy credentials, or flattering the reader's vanity.

| Ploy | Count | % |
|------|-------|-----|
| None | 42 | 43% |
| Vanity of reader | 18 | 19% |
| Letter is a surprise | 16 | 16% |
| Letter is no hoax | 7 | 7% |
| Ethos of writer | 7 | 7% |
| External "evidence" | 4 | 4% |

The authors go on to a more qualitative analysis of some of the approaches used, including

• For avaritiam approaches: guarantees of no risk, appeals to the recipient's honesty to distract from their own (clear) dishonesty, postulating future regret about letting the money be reclaimed by the state, etc.
• For misericordiam approaches: the 'nowhere else to turn' statements, flattery of recipient, appeals to religious authority.
• For verecundiam approaches: again flattery, religious appeals.

They come to no very strong conclusions, but they do quantify some less examined aspects of emails.

• Cukier et al., 2007 Genre, narrative and the 'Nigerian Letter' in electronic mail.

Genre analysis of (n=111) unique advance-fee fraud letters gathered over 12 months. Preserves a BBB figure about response rates being estimated at 1-5%. Suggests the process is predicated on escalating commitment and the illusion of great wealth 'just one email away', with victims convinced by official-looking seals or even discussions in Nigerian Government buildings. Describes the recruitment of students, the wealth-centric culture. Notes the lack of explanation for why the target was selected, the right of the writer to the money, scarcity indicators, the unusual length and detail (to increase intimacy), the 'ornate and pleading' language (w.r.t. religious allusions). Notes that many targets are other Nigerians. Describes the appeal as "greed laced with pathos", but also the powerful impact of narrative in allowing the reader to play a mythical role. Mentions evolutions including 'American soldier' stories. Includes the 'Go Chop Your Dollar' song. Uses Cialdini to a lesser extent.

• Grimes et al., 2007 Email end users and spam: Relations of gender and age group to attitudes and actions. TODO

• Holt & Graves, 2007 A qualitative analysis of advance fee fraud e-mail schemes.

Qualitative analysis of the content of (n=412) advance-fee fraud emails, collected from the authors' own email inboxes, which were protected with spam filters (so a convenience sample). Sender domains were noted to be from around the world (incl. Italy, UK, China, Zaire, Russia). Emails were coded using grounded theory based on the stated credentials of the sender and the reason for their approach. The scam story approaches used were (reproduced):

| Scam Type | Count | % |
|-----------|-------|------|
| Fixed Fee Transfer from Bank | 124 | 30.00 |
| Business Solicitation | 57 | 13.80 |
| Won Lottery | 37 | 8.90 |
| Fixed Fee Transfer from Inheritance | 36 | 8.70 |
| Handle Over-drafted Contract | 27 | 6.50 |
| Fixed Fee Transfer from Barrister | 24 | 5.80 |
| Consignment Transaction | 23 | 6.00 |
| Help Donate to Charity | 21 | 5.10 |
| Fixed Fee Transfer for Investment | 20 | 4.90 |
| Fixed Fee Transfer from Government | 17 | 4.10 |
| Help Invest Overseas | 10 | 2.40 |
| Fixed Fee Transfer to Account | 10 | 2.40 |
| Banking Transaction | 3 | 0.70 |
| Fixed Fee Transfer from Diplomat | 3 | 0.70 |

Notes on the structure and content include the use of urgency markers, cordialities like 'friend', and subject-specific material in the email subject line. Message openings (92.5%) used gender-neutral phrasing like 'dear sir/madam' or 'dear friend'. Most (75%) then began with statement of a male, authoritative identity. Some (25%) provide a physical business address. Most (75%) gave no indication of how the recipient was identified. Lottery messages explained the selection was at random from a large number of email addresses. Some others (18%) reported that the sender found the recipient's details online. Dollar figures presented for transfer ranged from \$90,000 to \$423,000,000. Recipients were offered 10-40% of these figures. Many (47%) stress the need for confidentiality. Most (83%) stress the need for urgency. 'Half' asked for personal information. 'Many' stressed a lack of risk to the recipient. 'Some' state they are seeking trustworthy people. Some (15.2%) linked to news stories that validate their claims. Most (81.3%) had written errors, from misspellings to grammatical errors. The authors wonder whether these are deliberate attempts to validate claimed African origins (42.3%).

The authors make note of the senders' interest in personal information, as a potential avenue for identity theft, suggesting this is really the key purpose of the exchange. They also identify a consistency of message patterns which suggests scripts or templates are being used for generation.

• Kumaraguru et al., 2007 Protecting people from phishing: The design and evaluation of an embedded training email system. TODO

• Shadel & Schweitzer-Pak, 2007 The psychology of consumer fraud. TODO

• Chang, 2008 An analysis of advance fee fraud on the internet.

Redraft. The author reviews some solicitation emails (n=6) received between August '06 and January '07. He distinguishes between 'central' routes to persuasion (argument for objective merits) and 'peripheral' routes (i.e. System 1 & 2). He uses Cialdini's six principles of influence to account for the persuasion in scam emails, finding traces of:

• the authority principle in scammer adoption of expert or high-status identities, and reference to external authorities that validate parts of the story given (a BBC story about a plane crash, to validate claims of abandoned sums from victims).
• the reciprocity principle in scammer promises of money to be shared.
• the scarcity principle in scammer setting of deadlines or highlighting of special qualities of the victim that make them suitable (the right last name for an inheritance scam, etc.).

All told, a rather small qualitative evaluation, but does use source texts.

• Works from Petty & Cacioppo's elaboration likelihood model, and through Cialdini's six principles. They distinguish 'normative commitment' (commitment from a reciprocal exchange or promise) from 'continuance commitment' (commitment due to sunk costs) from 'affective commitment' (commitment from sense of group identity or membership). They examine these, along with trust, obedience and reactance (to scarcity tactics), and some demographics, in trials of phishing & telemarketing techniques on 588 participants, alongside self-reports. They found that all of the personality factors except reactance were significantly associated with vulnerability -- i.e., scarcity was not effective in this domain. They also report positive associations with victimhood for level of education.

• Very comprehensive effort at explaining scam victimisation and re-victimisation. Includes four studies: (1) in-depth interviews with 25 victims and 5 relatives, and transcript analysis; (2) text mining of emails for psychological data; (3) questionnaires for the general public; (4) behavioural experiment delivering a 'simulated prize'. Criticises prior work as scarce, descriptive and making little attempt to gather data [yes!].

Study 1 found that:

• visceral triggers were strongly supported (mostly money, or desperate need for said)
• victims found advance amounts required paltry (i.e. not worth agonising over)
• strong support for scarcity motivations being successful
• support for persistence of approaches paying off in reduced attention
• scammers use mood regulation, spell out future benefits
• behavioural commitment created, mostly via telephonic interaction
• sunk costs
• victims overestimate protections/control they have over situation
• victims are overconfident in own ability
• victims 'take the road less travelled' because 'you never know'
• high quality of communications, websites, were convincing
• people with more background in an area were more vulnerable (overconfidence bias).
• some evidence of social proof in effect (fake testimonials)
• confirms Langenderfer & Shimp's idea that high motivation used to prevent cognition.
• victims hide decisions from real-life people.

Conclusions were that novel insights are prize-cost disparity, and the superposition of belief in victims leading to both commitment and concealment.

Study 2 analyses the text of 583 mostly postal but some email and website communications. Breakdown was advance-fee scams (n=62 mail and email), sweepstake scams (223 mail), clairvoyants (46 mail), prize draws (83 mail), get rich quick schemes (20 mail), bogus investment (6 mail), bogus lottery (68 mail and email), miracle cures (11 mail & web), premium rate prize draws (35 mail & inserts) and racing tips (29 mail). The authors perform a largely uninformative word frequency ranking, and a more useful classification. Texts analysed:

• elicited behavioural commitment (98%)
• mentioned size of prize (97%)
• stressed trust and security (97%)
• induced scarcity (97%)
• used emotional triggers (93%)
• invoked sunk cost effects (64%)
• 'aimed to induce an unreasonable degree of confidence'? (54%)
• stressed regret if opportunity not taken (52%)

with triggers largely uncorrelated beyond what would be expected by chance (i.e. these cues are independent). Authors note correspondence between these and the discussion of interviewees in Study 1 (you would expect this due to confirmation bias if nothing else, given the woolly nature of these abstractions). Lotteries used more personalisation, advance-fee fraud relies on mutual cooperation, clairvoyants encourage dependencies.

Study 3 used a postal questionnaire to a psych research group at Exeter (103 usable) and households in Somerset (116 usable). Of the former group, 11% were victims and 9% were near-victims; for the latter it was 10% and 3%. Scores about factors for judgemental error show that in both populations, victims scored higher, usually significantly, for nearly everything queried, except for 'negative attitude towards scams'. Notable: visceral triggers, scarcity, behavioural commitment, sunk costs, trust. However, most people respond below 5 on a 0-10 scale; non-victims mostly just respond 0. Victims report more effort into understanding scams.

Study 4 sends out controlled scam mail in the post. Ethics prevented them doing this properly, so they sent a questionnaire with the mail, two different ways (one where the reader sees the scam first (525 usable, 14.7% victims), one otherwise (422 usable, 16.1% victims)). Variables manipulated were:

• size of prize (L or H)
• 'official' style (N or O)
• visceral triggers (N or V)

Across all categories, prior victims had most intent to respond, least dislike of the scam. Size of prize was most important, followed by a statistically discernible effect for visceral triggers, for intention to respond. There was some evidence for an interaction between viscerality and officialness in 'hot' cases, but no real difference from the 'cold' one. Researchers take this as support for idea of a sub-population of rubes who get revictimised.

• Chang & Chong, 2010 Psychological influences in e-mail fraud.

Analyses (n=14) advance fee emails (various conceits, only used as examples), arguing for various psychologically-grounded ploys based on post-decision commitment strengthening, the sunk cost fallacy, heuristic processing, high level of detail (representativeness heuristic), availability heuristic and positive affect. Suggests a possible victim profiling (lack of intelligence or self-control) but points out prior studies refuting value of intellect if subject is not forewarned, suggests Google et al. should display anti-fraud popups all the time.

• Ross & Smith, 2011 Risk factors for advance fee fraud victimisation. TODO

• Akbar, 2014 Analysing persuasion principles in phishing emails. TODO

• Uebelacker & Quiel, 2014 The social engineering personality framework.

Theoretical work only. The authors use Cialdini as a basis for understanding social engineering, and provide a literature review on the interaction between Big-5 traits and vulnerability. They map Big 5 characteristics to the influence principles which should be most effective (i.e. high-conscientiousness should be more susceptible to commitment, high-extraversion to social proof, etc.).

• Ferreira et al., 2015 Principles of persuasion in social engineering and their use in phishing.

The authors combine Cialdini's 6 principles, Gragg's seven psychological triggers, and Stajano et al.'s seven principles, coming up with five principles of persuasion (authority, social proof, likeability, commitment and distraction) they consider to encompass the effective areas. They apply these to collected solicitation emails for various phishing, malware and fraud scams (n=30+15+7=52). They find that overall, their likeability principle is the most common, followed by distraction and then authority and commitment. Within the fraud subset, commitment outranked authority, highlighting the dynamics which differ from phishing for these transactions.

### Annotated Scambaiter Corpus

Scambaiters are people who like to waste the time of advance-fee scammers. Typically, they respond to a mass-marketed solicitation, pretending to be a duped victim, and then lead their scammer through a series of ridiculous hurdles and delays, often trying to get them to provide some token gesture like taking a ridiculous picture of themselves. Though they occasionally forward information to the authorities about scammer bank details, hosting providers, etc., they for the most part are vigilantes aimed at low-level disruption of advance-fee operations, and their own amusement.

The latter part is quite important, because it means that the scambaiters release full transcripts of their conversations with scammers. While various researchers have collected some examples of scam solicitation messages, relatively little attention has been given to the rest of the exchanges between scammer and victim, in part because this data is difficult to obtain. Scambaiters are not victims -- in many ways they more resemble the scammers themselves -- but their transcripts nonetheless give some insight into how these conversations proceed.

As well as working with some limited victim data (which cannot be released), I have been collecting scambaiting exchanges from various online sources and processing them into a common format. The main hurdle in any of this is the varied, sometimes unclear formatting that scambaiters use, which makes it hard to write automatic processing or do any non-manual analysis. So far I have worked on data from:

Other data: