FBI finally gets a conviction on one of the Internet's oldest spam scams
10:40 AM -- I got my first Nigerian spam message back in the late 1990s. It was long and involved, in broken English. It explained how the sender was looking to get hundreds of thousands of dollars out of the country, and I could make a bundle if I would only send a few hundred to cover his expenses.
And you know what? Nearly a decade later, I'm still getting those same messages. Sure, most of them get screened by my spam filter now, but those Nigerians are still trying, still hoping to get me to send those few hundred bucks. And I can't help but wonder: How long will this go on? Don't the cops ever catch these guys?
Well, on Christmas Eve, I (and a few million other spam victims) finally got my wish. U.S. authorities in St. Louis reported that they have received a guilty plea from a Nigerian man, Femi Ikuopenikan, who admitted to helping to steal $115,000 from a pair of brothers who had been told online that they would receive millions from Nigeria.
According to prosecutors and wire reports, Ikuopenikan worked for a group of criminals who had set up a bogus Internet-based bank called Hallmark Trust Financial. In 2003, the group promised one of the brothers that he could earn $6.7 million by transferring some money to its spurious bank account, the reports say. The brothers took the bait and sent six figures to the account, receiving nothing in return.
Ikuopenikan's lawyer is painting his client as a mere foot soldier in the phishing gang, but he's got pretty quick feet. The scammer was originally arrested in Houston, but fled to Canada after posting bail and was brought back to the U.S. in November.
With the guilty plea, we can finally say that somebody's been convicted in the age-old Nigerian scam, and with such a prevalent exploit, you'd think there'd be a big penalty. But no such luck -- Ikuopenikan faces a maximum of five years in jail, and he'll probably get two or less, the reports say.
What's wrong with this picture? Law enforcement finally has a conviction in one of the industry's oldest and most annoying spam scams, and he's only going to get two years? Why don't we just print fliers and drop them over Nigeria, inviting them to spam us some more?
The problem is that the Nigerian scam is so easy to pull off. The Nigerian government isn't much interested in prosecuting the attackers, because their "victims" are essentially agreeing to help embezzle money from its coffers. U.S. officials typically have trouble pinpointing the attackers, because they're spread out all over the world. And even though most users know enough not to open these barely-disguised scams, the criminals still stand to make a ton of money from the boneheads who fall for this shtick.
In a nutshell, it all means that despite this week's conviction, the Nigerian scams will likely keep occurring -- no matter how old it's gotten. As long as there are stupid people in the world, these attacks are still good business.
I'd write more, but I've got to go. I've got a full spam filter to clean out.
Security Job #1 For FedsThe 2014 InformationWeek Government IT Priorities Survey shows federal IT pros care about security - itís rated as very important by 69% of respondents, 30 percentage points ahead of the No. 2 priority, disaster recovery. Will the upcoming NIST cyber-security framework help manage risk?