Secrets behind the sophisticated spam scams
ReutersA recent poll called them one of modern life’s top irritants, but how do spam messages work? And in a world of constantly streaming information online, should you act like a scammer yourself if you want to win attention?
I woke recently to find a panicked email from an old colleague at the top of my inbox. He had, it explained, recently been mugged while staying in Manila, and urgently needed to borrow some money. My immediate thought was to reply, but then a dose of realism kicked in. I searched online for a selected phrase from the email and, sure enough, found multiple versions of the text reproduced among known scams. I left a message on his phone instead, saying his email account had been hacked – and that he should probably let his contacts know he hadn’t been mugged.
The email in question is known as the “grandparent scam”, because its best chance of success is among older people unfamiliar with the internet – and potentially willing to dispatch money to grandchildren in peril. As a piece of creative writing, it begins well – “I’m writing this with tears in my eyes...” – but then tails off into something distant enough from plain English to raise suspicions (“sorry if we are inconveniencing you, but we have only few people to run to now... this will enable us sort our bills and get our sorry self back home”).
If it had been written more convincingly, I might have spent the morning trying to work out if my colleague really was in trouble. Yet, from a spammer’s perspective, fooling me with a better initial email would have made little sense. I’m never going to send money to an alleged acquaintance without verifying their identity – and it would waste a good deal of a scammer’s time trying to construct something that persuades me that they were someone I knew personally.
In fact, it makes more sense for a scammer to send out messages that most people will identify as spam, leaving the sender free to devote their efforts to those who have effectively declared themselves to be naive or gullible. As Microsoft researcher Cormac Herley argues in his investigation Why do Nigerian Scammers Say They are from Nigeria?, “by sending an email that repels all but the most gullible the scammer gets the most promising marks to self-select, and tilts the true to false positive ratio in his favour.”
Spamming is a sophisticated global business – and part of this sophistication means wasting as little time as possible on the majority of internet users. As a 2012 paper on the economics of spam by research scientists Justin Rao and David Reiley points out, the global spam “industry” has revenues of just $200 million per year – not insignificant, but a startlingly poor return on 100 billion daily emails. Margins are low, and time-wasting is potentially costly. Even a few thousand sufficiently wised-up people replying to a classic “Nigerian Prince” email might, from the senders’ point of view, waste enough of their time to wipe out all hopes of profit from the scheme.
In this respect, spam is depressingly similar to some other online endeavours, ranging from misleading viral marketing to virtual video-game goods aimed at minors. Each uses the almost cost-free capacities of digital technology to target the most suggestible few – and to pass on unseen costs in wasted time, infrastructure and energy to everybody else.
Road to spam-a-lot
It’s not just email any more, either. Modern spam covers everything from tweets and forum posts to fake blogs, articles, phone calls and text messages. Little wonder that a recent British survey rated spam email and pressure selling as modern life’s top irritants (closely followed by call centres). In each case, what’s going on is a dispiriting mirror image of the ways in which technology can magnify the power of the individual. Mass accessibility is made an accessory to mass inconvenience, with a costly sting in the tail for those easily bewildered.
It’s also a realm within which there can be a fine line between persuasion, publicity and outright untruth, not least because – on the screens of our smartphones, tablets and computers – everything is constantly in competition with everything else. Many of us are desperately seeking a scrap of others’ scarce attention. And one of the easiest ways to win this attention is to act like a scammer yourself: to play the numbers game by spamming the world at large, and hoping the “most promising marks” will self-select.
It’s easier to copy and fire off a single message twenty times than to write a couple of original updates. Indeed, this kind of relentless repetition can feel essential if you want to have a hope of being heard, let alone if you’re trying to drum up interest in a new product or service. Courtesy of social media, spam approaches from hacked accounts may be an increasingly common approach; but so too are stand-alone spam accounts designed to look like real people; and real people and corporate accounts quite willing to engage in spam-like activities to serve their own ends. Google itself has been in the news for all the wrong reasons recently, thanks to a proposed $6 million settlement to a class action lawsuit over 400,000 allegedly spam text-messages sent by its apps subsidiary Slide.
Attention-seeking is far from the only game online, but it’s among the most ubiquitous – and the most seductive. Many online services, in fact, actively encourage their users to spam each other. More messages and interactions make them look good, and breed further actions. Quantity, not quality, is the bottom line.
So why not play the odds, copy your press release or status update to a thousand people, and then resend repeatedly to help it win through?
The answer, spam suggests, is twofold. What’s instant and easy for you is a cost multiplied across every recipient. But what works for spam is also, by definition, inadequate so far as any kind of informed decision is confirmed – or any kind of meaningful exchange.
You’re likely, in other words, to end up with the kind of attention you deserve: fleeting, unintentional, and probably rather irritated. This may be enough. But you should be aware of the company you’re keeping.