Active Countermeasures for Email Fraud

Abstract: As a major component of online crime, email-based fraud is a threat that causes substantial economic losses every year. To counteract these scammers, volunteers called scam-baiters play the roles of victims, reply to scammers, and try to waste their time and attention with long and unproductive conversations. To curb email fraud and magnify the effectiveness of scam-baiting, we developed and deployed an expandable scam-baiting mailserver that can conduct scam-baiting activities automatically. We implemented three reply strategies using three different models and conducted a one-month-long experiment during which we elicited 150 messages from 130 different scammers. We compare the performance of each strategy at attracting and holding the attention of scammers, finding tradeoffs between human-written and automatically-generated response strategies. We also demonstrate that scammers can be engaged concurrently by multiple servers deploying these strategies in a second experiment, which used two server instances to contact 92 different scammers over 12 days. We release both our platform and a dataset containing conversations between our automatic scam-baiters and real human scammers, to support future work in preventing online fraud.