Although in decline compared to targeted scams, a great deal of the swindles we see contain glaring grammatical errors and clearly don't look legitimate. Yet, a great deal of people end up duped into giving their personal information and even money to the scammers. What makes people ignore the warning signs and just comply with the request?
There will always be a good chunk of people online who simply don't know a thing about scams or confidence tricks, and a paper published by a Microsoft researcher suggested that stating a 419 scammer is from Nigeria helps to "self select" targets, because only targets (or 419 baiters) would actually take the time to reply to such an obviously fraudulent missive.
Outside of 419 scams, people simply want to believe that you can get something for nothing. One of our blogs that draws the most user comments is one detailing the workings of a free Microsoft points scam; 90% of the comments are from people so desperate for freebies that they apparently disregard reading the article in favor of asking us how to get free points instead. We see a similar pattern whenever we write about a "something for nothing" scam, so clearly there's a ready and willing melting pot of end-users willing to take a chance with little or no thought for the potential consequences.
What areas of our online activities can we expect cybercriminals to target more in the near future?
Mobile devices, gaming and less well known social networks will likely be where the most interesting forms of attack will take place. Over a portion of 2011 and most of 2012, Tumblr saw some really interesting and innovative scams and attacks on end-users; now, those tactics are starting to repeat themselves and slowly but surely the userbase is growing wise. The only solution for scammers is to mix things up a little or go elsewhere, and I'd be surprised if they don't attempt to ply their trade on a newer, smaller social network.