Emphasis on _most profitable_ here. Clearly not the only one employed. Also, this mode applies mostly to spam; there are a number of other ways of filtering the victims who will take interest, be more gullible, or get hooked that do not require being obviously dubious.

On Wed, Jun 20, 2012 at 1:56 PM, Tim Dierks <[email protected]> wrote:
> This is an interesting paper that presumably has implications for other
> social engineering schemes besides financial
> scammers: http://research.microsoft.com/pubs/167719/WhyFromNigeria.pdf
>
> ABSTRACT
> False positives cause many promising detection technologies to be unworkable
> in practice. Attackers, we show, face this problem too. In deciding who to
> attack true positives are targets successfully attacked, while false
> positives are those that are attacked but yield nothing.
>
> This allows us to view the attacker’s problem as a binary classification. The
> most profitable strategy requires accurately distinguishing viable from
> non-viable users, and balancing the relative costs of true and
> false positives. We show that as victim density decreases the fraction of
> viable users that can be profitably attacked drops dramatically. For example,
> a 10× reduction in density can produce a 1000× reduction in the number of
> victims found. At very low victim densities the attacker faces a seemingly
> intractable Catch-22: unless he can distinguish viable from non-viable users
> with great accuracy the attacker cannot find enough victims to be profitable.
> However, only by finding large numbers of victims can he learn how to
> accurately distinguish the two.
>
> Finally, this approach suggests an answer to the question in the title.
> Far-fetched tales of West African riches strike most as comical. Our
> analysis suggests that is an advantage to the attacker, not a disadvantage.
> Since his attack has a low density of victims the Nigerian scammer has an
> over-riding need to reduce false positives. By sending an email that repels
> all but the most gullible the scammer gets the most promising marks
> to self-select, and tilts the true to false positive ratio in his favor.
>
> - Tim
>
> _______________________________________________
> cryptography mailing list
> [email protected]
> http://lists.randombit.net/mailman/listinfo/cryptography
>

--
Kyle Creyts

Information Assurance Professional
BSidesDetroit Organizer
