The Scambot: Defeating Online Scammers with Automated Chatterbots

Hardly a day goes by without some online scam artist emailing me, usually with the standard Nigerian or 419 scam. You know, the ones that start with “Dear friend, I am an officer at a bank/government leader in exile/international merchant” and go on to outline why they need help retrieving some vast sum of money.

In the past, I have successfully wasted large amounts of these scammers’ time simply for amusement. Conceivably, if everybody were to do this, the amount of time the scammers would spend dealing with people who are just stringing them along might make the scam an unprofitable use of their time.

However, this would be far too time-consuming, especially since the scammers can send out thousands of emails at the click of a button.

That’s where the use of automated chatterbots comes in. A chatterbot is a “computer program designed to simulate an intelligent conversation with one or more human users via auditory or textual methods”.

Basically, it’s a program that is designed to respond to things you say as though it is a human being. You can try one out by going here and clicking the “Chat with Alice” link on the left.

These programs are not very convincing when you know what you’re dealing with, but when someone is convinced they are chatting with another human being, the person can sometimes be fooled, often with hilarious results – for example, horny people trying to strike up sexual conversations in online chat rooms (warning, graphic content).

My idea is to apply this concept to scammers. A program to deal with scammers could be created that would work something like this:

  1. You receive an email from an online scammer. You forward this to another email address that belongs to the anti-scammer chatterbot (I’ll call this program the scambot from now on.)
  2. The scambot would receive the email and scan it for relevant keywords. (The scambot would already be set up to generally deal in subjects related to finances, bank accounts, retrieval of funds, etc.)
  3. The scambot prepares an email response and sends it to the scammer, thus initiating an email conversation with the scammer. Since the email will be coming from the scambot’s own email address, no further user action is required. However, the scambot will maintain a record of emails in thread format, allowing the user to step in and drop in some more convincing emails if the user wishes.
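A sketch of those three steps in Python, added here as an illustration and not code from the original post. The bot address, keyword lists, canned replies and sample message are all constructed assumptions, and the reply is only built, not sent.

```python
import re
from collections import defaultdict
from email import message_from_string
from email.message import EmailMessage
from email.utils import parseaddr

BOT_ADDRESS = "scambot@example.org"  # hypothetical mailbox for the scambot
# Step 2: subjects the scambot deals in, each with a time-wasting reply.
TOPICS = {
    "bank": (r"\b(bank|account|deposit)\b",
             "I have several bank accounts. Which one do you need, and why?"),
    "funds": (r"\b(funds?|million|inheritance)\b",
              "That is a great deal of money. How did you get my name?"),
    "fees": (r"\b(fees?|advance|payment)\b",
             "My nephew handles payments. Please explain the fee again."),
}
FALLBACK = "I am sorry, I did not follow. Could you explain once more?"
threads = defaultdict(list)  # scammer address -> [(direction, text), ...]

def scan_topics(text):
    """Return the names of the topics whose keywords appear in text."""
    return [name for name, (pattern, _) in TOPICS.items()
            if re.search(pattern, text, re.IGNORECASE)]

def handle_forwarded(raw):
    """Steps 1-3: parse a forwarded scam, build the reply, log the thread."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    quoted = re.search(r"^From:\s*(.+)$", body, re.MULTILINE)  # scammer's header
    scammer = parseaddr(quoted.group(1))[1] if quoted else ""
    if not scammer:
        return None  # nothing to reply to; leave it for the user to review
    text = " ".join(TOPICS[t][1] for t in scan_topics(body)) or FALLBACK
    reply = EmailMessage()
    reply["From"], reply["To"] = BOT_ADDRESS, scammer
    subject = re.sub(r"^(fwd?:\s*)+", "", msg["Subject"] or "", flags=re.I)
    reply["Subject"] = "Re: " + subject
    reply.set_content(text)
    threads[scammer].append(("in", body))
    threads[scammer].append(("out", text))  # the user can append here to step in
    return reply

# Constructed sample: a user forwarding a scam email to the scambot.
SAMPLE = """From: user@example.com
Subject: Fwd: URGENT BUSINESS PROPOSAL

---------- Forwarded message ----------
From: John Smith <j.smith@example.net>

Dear friend, I am an officer at a bank and need help retrieving 12 million dollars. A small advance fee is required.
"""
```

The `threads` record is what lets the user read the conversation and drop in a hand-written email, as step 3 describes.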

I believe that the scambot could waste large amounts of time for scammers for several reasons. First, many of these scammers speak English as a second language, so they are not as likely to pick up on cues in the scambot’s responses as a native English speaker.

Second, it would be possible to use social engineering techniques in the scambot’s initial responses that would help overcome the skepticism of the scammer. For example, the scambot could also pose as someone who speaks English as a second language, or as someone who is somewhat addled (e.g. an elderly person with a touch of dementia but a ton of money).

Finally, greed is a powerful motivator.



Shameless Self-Promotion

Excuse me as I use my blog to boost search rankings for this Georgetown Ontario fitness club, whose website and logo we just finished. Feedback welcome. And of course, if you’re looking for graphic design and/or copy writing for print or web, let me know.


Bend Over, Sony

That’s the message right now for Sony BMG Music Entertainment, which is now being sued by the state of Texas and the Electronic Frontier Foundation (EFF), after two weeks of a blogger-fuelled firestorm over copy-protection software Sony put on some 50 CDs.

The software, intended to stop people from ripping music from CDs to their computers so they could download it to MP3 players or share it on the net, was first discovered by security researcher Mark Russinovich and then posted on his blog. Copy-protection mechanisms are nothing new, but this one was different, because it installs, without the user’s knowledge, what is called a rootkit.

A rootkit is a tool typically used by hackers and sometimes system administrators that runs invisibly on computers and gives its user total control. The problem with Sony doing this is twofold: first, it is installed without asking informed permission from the user; second, it poses a security risk because it can be piggy-backed on by hackers. When Sony capitulated and released an uninstaller tool, it was also found to present a serious security threat. Two malicious software programs that piggyback on the security vulnerabilities Sony has created in people’s computers have already popped up.

Now they’re getting sued in the US under anti-spyware laws. No legal action has been announced in Canada yet, even though Sony has sold 120,000 CDs here that have this problem.

This is one more sign that the music industry just doesn’t get it, something that alevo has written about before. They don’t get it from a customer-relations point of view, as Paul Graham writes in a great article about the new Internet (Web 2.0):

The web naturally has a certain grain, and Google is aligned with it. That’s why their success seems so effortless. They’re sailing with the wind, instead of sitting becalmed praying for a business model, like the print media, or trying to tack upwind by suing their customers, like Microsoft and the record labels.

But they also don’t seem to get it from a technological point of view. The absolute bottom-line is that stopping people from copying music from CDs to their computers, and then sending it to anything else – their MP3 players, burned CDs, or the entire world – is impossible.

When music is recorded, it is stored as a signal. The transmission and recording of signals have been widespread for decades. There is no copy-protection technology that will ever stop people from simply plugging their stereo into their computer, playing the music they want on their stereo and recording it onto their computer. There is nothing the music industry can do to stop consumers from recording songs from the radio onto their PCs either. The 21st century equivalent of recording 80s hits on your boombox and then making tapes for your high school sweetheart cannot be eliminated with even the most obtrusive software.

All the recording industry can do is try to make it more inconvenient by coming up with various ridiculous and, as it turns out, possibly illegal schemes. This is like cutting off their nose to spite their face. Making things difficult for their customers isn’t just losing them business, it’s also driving the success of the peer-to-peer (P2P) file-sharing networks that took over where Napster left off: too inconvenient to plug your stereo into your computer, play the songs and record them? Just start up a P2P program like the fabulous SoulSeek and you’ll get the song you want, neatly encoded as an MP3 and ready for your iPod in just a few moments.

If the recording industry doesn’t stop fighting this losing battle, they’re going to wake up one day and realize they’ve lost. The Internet, and their customers, will have moved on without them.


Be Careful on the Web

I don’t normally post computer security warnings, but this is a bad one. There is a flaw in Internet Explorer versions 5.5 and 6.x which allows malicious code to take over your entire computer, simply by visiting the wrong website. This vulnerability affects even computers running Windows XP SP2, which is the most recent version of Windows XP.

Most of you are probably using a version of IE that is vulnerable and I bet almost all of you are using Windows. So be careful. Don’t visit any websites that you do not trust – a prime example would be the kind of websites you’d encounter if you are looking for free software/games/movies/music, cd-keys and serial numbers, hacks, or anything else that is marginally socially/legally acceptable. Or start using Firefox, which doesn’t have this problem. There is going to be a wave of people looking to exploit this until Microsoft fixes it.

You can read more about this issue here.


For the Techies

I’ve been using Gmail for a while now and I’m convinced it is by far the best online email service out there. Besides having superior usability, search features and storage space, there’s something else about it that really stuck out from the very first day: it behaves differently than most other websites. The way it works reminded me more of a desktop application – or a Flash website – than the websites I was used to.

It’s a lot more interactive than most websites, and it’s a lot faster too. If you don’t know what I’m talking about, you can experience the same sort of thing on Google Maps. There’s a lot more stuff to click on, things move around, you’ve got controls that are non-standard for websites (like the zoom slider, for example). As a web developer, I often wondered just how Gmail did it.

Today I found out. It’s technology called Ajax, which is short for Asynchronous JavaScript and XML. This relatively new idea, based on a combination of older technologies which have been in use for a long time, is enabling the creation of websites with a lot more interactivity and much better interfaces. I’m not going to get into the specifics of how it works, since you can read all about it yourself, but make no mistake: this is the web development technology of the future.

But where does this leave Flash? Flash is designed to accomplish pretty much the same thing as Ajax, namely websites that are more interactive, react quicker and have more interesting interfaces. Ajax does appear to have some initial advantages: it loads faster than Flash, it still displays information in standard HTML which allows search engines to easily index the content, and it doesn’t require downloading the Flash plugin (the only “extra” technology required is for JavaScript to be enabled). Flash still appears to be better for really graphical, flashy websites, as the name indicates. But for someone like myself who values content over looks, and for the many businesses that do too, I wonder which technology will be the most appealing.

My apologies to my non-technical readers, which is probably most of you, for bombarding you with this sudden onslaught of geek-talk. You might have no idea what I’m talking about, but stay tuned: I have an idea for a web application that will demonstrate this technology and will probably be helpful to you too.

Life, politics, code and current events from a Canadian perspective.

Adrian Duyzer