
Do people really still fall for this stuff?

Question:

We all get dozens of rubbish e-mails about drugs, watches and, of
even more concern, bank and building society information/account
renewals. Is anyone still caught out by these spammers/villains? Surely
they only keep going because gullible people respond. Or am I
wrong?

You’re right, and you’re wrong.

Like you, for a long time I too believed that people just wouldn’t
be naive enough to fall for 99% of what shows up as spam.

I was wrong. Very wrong.


You’re right, in that spam only exists because at a fundamental level it works. If it didn’t work there wouldn’t be any reason for it, at least not in the quantities we see.

Most spammers now are typically illegitimate business people trying to make money. It’s a very practical decision: if spam didn’t make money they’d focus their attention elsewhere.

Clearly they’re not focusing elsewhere.


I throw spam into about three major buckets:

  • Infection attempts. Most of the time these days these are attempts to infect your machine with a spam-sending zombie, so you might not notice. These emails typically ask you to open an attachment which causes the infection, or take you to a website where the infection is downloaded.

  • Product sales. These are trying to entice you to buy drugs, body enhancement aids, jewelry or the like at enticingly low prices. The problem, of course, is that most are scams, or the drugs are outdated, the aids don’t work and the jewelry is fake.

  • Phishing attempts. These are trying to entice you to provide your personal information by imitating some other legitimate site with which you may have an existing relationship. Once you give up your personal information, identity theft and credit card fraud follow.

I’ll actually add a fourth class of spam: legitimate businesses that don’t understand or follow best practices when it comes to emailing people. They’re not malicious, per se, but if I didn’t request it and you keep sending it to me, it’s still spam.

Now, it’s very easy to think that anyone who falls for these kinds of things is stupid, or at least naive or gullible. As you’ve said, we all get so much of it every day, you would think that absolutely everyone would know by now.

And you’d be wrong.

To begin with, the vast majority of computer users are not like you and me. To put it simply, they’re not as savvy as you think.

Let’s take an example: the infamous Nigerian 419 scam.

This scam has been around for years. In fact, it predates the widespread use of personal computers, starting out as a scam that spread by fax. I think most of us have heard of it, and it regularly makes the mainstream press as someone is, once again, taken in.

Let me summarize that: it’s been around for years, it’s publicized regularly, and people are still falling for it all the time.

It’s no wonder that spam gets enough of a “success rate” for it to remain viable.

I’d chalk it up to a combination of ignorance – not as a derogatory term, but simply meaning “not knowing” – and a dash of desperation.

As much as you or I may have heard about various scams and issues, we are not everyone. Even if 1% of the population hasn’t heard of a particular problem, or heard enough to take it personally or seriously, that’s 1% that’s vulnerable right there. And there are so many different types of scams or variations on scams, it’s difficult, if not impossible, to know about them all even at a conceptual level.

Now, consider that people are often in desperate situations, and that these are the very people that scammers target. Be it people who suffer from poor body self-image that they’re told can be solved with a pill, people in dire financial straits that could be wiped away by helping some overseas contact, or people who simply lust after goods and services they can’t afford any other way … these, and many others, are the people that end up making spam “worth it” to the spammer. (I also have to say that recent phishing attempts have been getting better – you don’t need to be anything but trusting to fall for something that really, really looks like it might have come from your bank.)

The other part that factors in that’s difficult to comprehend is the incredibly tiny success rate that spammers need to make it worth their time.

Ultimately, spam costs the spammer next to nothing. And more spam costs … well, it costs nothing more. There’s no reason not to send a lot of spam, and in fact every reason to do so.

Consider this: you’re a spammer and you send out one million spam messages at a cost of nearly nothing, and exactly one person falls for whatever it is you’re selling. That’s one person’s worth of nearly pure profit. The other 999,999 who didn’t respond cost you nothing. In fact, you can likely multiply your profits by a factor of 10 by sending to ten million people the next time, at no additional cost.

In traditional marketing that’s a horrible “conversion rate” – one in a million, 0.0001%. But it’s nearly free money to the spammer.

So the bottom line remains: spam still exists because it works, and it doesn’t take much of a success rate to “work”.

And be it due to ignorance, gullibility, or simply not being as computer savvy as the rest of us, it only takes a few people to fall for it to make it worth the spammer’s efforts.


8 comments on “Do people really still fall for this stuff?”

  1. A booming business in spam is job offers. Criminals from Africa and Eastern Europe send out spam claiming they saw your resume online and they’d like to offer you a job.

    Quite often the job is cashing forged checks (which they’ll tell you are from their clients) and sending the money out of the country by Western Union, or receiving and forwarding merchandise they paid for with forged checks or compromised PayPal accounts.

    I’ve got a large section of my blog dedicated to debunking job scams. Whenever one gets through my spam filters, I publish it and show how to spot the warning signs.

    And these get through my filters much more often than the 419 scams or illegitimate pill offers… except on Yahoo! mail which seems to let through a lot more 419 and fake lottery scams than Google.

  2. A thing about Phishing. If the attempt does not seem all that outrageous you might fall for it. All the messages I get from the KIWIBANK I ignore. However, I came close to falling for one that “came” from Network Solutions. The reason? A couple of years ago an ex-member of the Board of Directors tried to steal our URL. This phishing attempt was almost successful because it didn’t come totally out of the blue. The only reason it didn’t work is because I went to the Network Solutions to check on our registration before following the directions in the email.

  3. NPR’s This American Life had a feature on some internet “enforcers” who went after some of these “Nigerian” hoaxers. It’s the 9-12-08 show and it’s online at the This American Life website.

  4. I’m not only amazed that folk fall for this clap-trap but also that they actually admit it afterwards! I certainly wouldn’t want the whole world to know if I’d been a total idiot! I’ve read several articles in non-computing magazines about the good ol’ 419 scam being taken in, hook, line and sinker, by business people that you would think would be totally savvy to such dubious proposals. I suppose it’s old-fashioned greed that does it for some folk. Maybe they deserve to be taken for a ride?

  5. Aw, heck, I can top that one — a version of the ole’ Nigerian scheme actually featured in a case on Judge Judy (or, as I very affectionately call her, “Sludge Judy”) once!!!

    She (by whom I mean Judge Judy) didn’t give the low-grade moron an inch. Or a millimeter. Not a micron. Not so much as a single nanometer. She let her have it with both barrels, right on national television, which is JUST exactly and precisely what she deserved.

    I mean to say! — not just a low-grade moron, but a greedy low-grade moron, seeking something for nothing!!!

    Sheesh…!!!

  6. If you get an email like being from your Bank you may fall for it, but normally they arrive by the dozen, so … how can you believe it?

  7. I was interested to see Leo post this question because it is part of the same one I’ve had for a long time. And the answer is as I thought: some people really *do* fall for this emailed rubbish. The second part of my question was not addressed.

    I suppose I (and/or my email filters) are savvy enough to recognize the vast majority of the spam I receive. And most spam is so obviously junk it’s laughable. But, every so often, I receive one which appears very legitimate – especially ones supposedly from a company with which I do business. These emails I always forward to the company’s anti-phishing email address.

    The second part of my ongoing question is this: who is doing what about these rip-off artists? On occasion I read about some person or company “busted.” But not often. Does the US government actively pursue these disgusting reprobates? Do major companies actually do anything – or is forwarding emails to them a waste of time?

    Are the spammers so untouchable — located out of the country or otherwise smart enough to avoid detection — that they cannot be found, prosecuted and/or shut down?

    When I think about what these lower-than-life scum actually do I get so angry I think: find ’em … and then just nuke ’em!
