Subscribe to our newsletter

Get the State of Digital Newsletter
Join an elite group of marketers receiving the best content in their mailbox
Help us understand what topics we should be writing about!
We would like to help you get the best content for your role
* = required field
I want the...

What alerts do you want to receive?

What topics do you most like to read about?

Trolling scammers with Google Analytics

nigerian scammers and google analyticsIn one of my previous posts on the State of Digital, I hinted at the use of the real-time reports in Google Analytics. Yes, they are mesmerizing with their little green and red dots popping on and off the screen, giving you the illusion that your website is a lifeform of its own. But I digress. In today’s post, we’re going to see how to identify online scammers – and have a little fun at their expense with the help of Google Analytics.

Why? Because we can, because it’s 100% risk-free and because some of us have a little spare time. 🙂 Let’s see how this is done!

419 is the crime

You have an e-mail address, right? Then at one point or another in your mailbox’s existence, you received a message from someone claiming to be the heir of an African dictator, diplomat, diamond trader or something similar. The sender then proceeds to tell you that they require your help moving a very large sum of money out of the country because, you know, them pesky authorities are after them.

Of course, there is a promise of a very generous compensation/commission based on the total amount you help transfer. The story in the e-mail will vary from time to time. Sometimes, our African friend will be looking for a way to circulate gold bullion. In some cases, you are the last of kin of some local personality who just passed away. Your mileage will vary as the senders get ever more creative.

scammers in my spam folder - found at http://www.motherjones.com/files/email.pngUnless you are utterly and completely stupid, reading such an e-mail should be a clear indication that the sender is attempting to scam you. Most of the time, your e-mail service will be smart enough to classify the e-mail as spam but it might show up in your inbox as a “legit” e-mail, despite the fact that it’s clearly sent by scammers.

The way they do this is by getting you to provide a bank account number and signed documents or a copy of your passport “for authentication purposes”. Then they forge your signature and clean out your account. Sometimes they go for a quick “win” and ask you to wire small amounts to cover costs and sundry.

This is called Advance Fee Fraud and has become Nigeria’s national sport and the country’s second source of income, right behind oil production. The crime is listed in the Nigerian Criminal Code under section 419, hence the name 419 scam. Of course, other African countries (such as Ghana and the Ivory Coast) are trying to imitate Nigeria, with mitigated “success”. Nigerian scammers are such pros now that they migrate to Malaysia under student visas to diversify, seeing how Nigeria is pretty much blocked by Western Union because of too much fraud. Now that we’re up to speed, let’s see how we can track down the scammers.

Introducing Rezwan

In this example, we’re going to look at someone from Ghana passing as an account manager at Barclay’s named Rezwan Mirza. This “gentleman” contacted me via Skype, which is definitely the channel of choice to reach out to customers, right? 🙂

In my extensive experience with this kind of messages, I was 110% sure that this was a scammer before I even acknowledged the chat request. Any sensible person would have ignored/muted/blocked the contact request. I chose to play with my food before killing it.

The conversation started like this:

Me: Hello, can I help you?

Rezwan: How are you doing today I am Rezwan Mirza working with Barclays Bank here in Dubai(U.A.E)

(as it happens, I have customers in Dubai and have been there before so let’s toy with him a bit.)

Me: Hello, how can I help? As it happens, I’ll be in Dubai Thursday, did you need me to come down to the branch?

Rezwan: I write to contact you over a very important business transaction which will be of our interest and benefit to our both families. [WTF Barclay’s? our families?]

(Let’s make him stew a bit)

Me: I apologize, I have to step into a meeting. Can you send me the details pertaining to the transaction using my secure contact form at http://juliencoquet.com/contactform.html?id=rezwanmirza [DO NOT VISIT, HIGHLY UNSAFE FOR WORK]

Let’s take a quick break from Rezwan, shall we?

Google Analytics detects scammers

At this point you’re wondering what this all has to do with Google Analytics, right?

Well, that’s when the real-time reports come in handy. If you’re not sure where that scammer is hailing from, you want them to visit a very specific page on your site.

In my case, I use a very specific Google Tag Manager container on that page.

The container contains a few things:

  1. A variable cycling randomly through an array of Internet shock site URLs.
    WARNING: be subtle about it if you try to replicate the experiment, the GTM team monitors containers for malware and shock sites – and can block your account.
    Alternatively, just use the URL to an annoying video.
  2. A custom HTML script that makes page loading hang
  3. A Google Analytics page view tag that tracks the current page
  4. A custom HTML tag that redirects to one of the shock sites determined in the variable at step #1

So when Rezwan (or whatever his name is) eventually clicks the link and lands on the page, GTM is going to redirect him to a shock site and leave him emotionally scarred life, but not before tracking him using Google Analytics.

They see me trollin’, they hatin’

But let’s get back to the conversation about 25 minutes after I left him on hold.
He still had not clicked but I discover as I return that Rezwan had left me additional information about his opportu… scam:

Rezwan: In 2007, one Mr. Weimin Coquet [LOL, I’m sloppy seconds to a Chinese businessman], whose surname is same as yours and has your country in his file as his place of origin made a fixed deposit for 36 months, valued at $26,700,000.00 with my bank. I was his account officer before I rose to the position of Managing Director [riiiight]. The maturity date for this deposit contract was 27th of September 2010. Sadly Mr.Weimin was among the death victims in the September 2009 earthquake in Indonesia that left over 1,200 people dead while he was there on business trip.
Send your email now

Me: Sorry i don’t trust e-mail for that kind of exchange, and this looks important. If you have official documents, make sure to upload them here: http://juliencoquet.com/contactform.html?id=rezwanmirza [Again, highly NSFW, do NOT visit.]
It is secure and much safer than e-mail. [Because if I go to e-mail, this becomes another battle for another post]

Rezwan: OK

Me: Thanks, have to run

Rezwan: OK

[10 minutes pass in my very important meeting.]

Me: Thanks, for holding. My meeting was shorter than expected! I just checked my system and I still have no trace of documentation from you. I am standing by for you to upload documents pertaining to your proposal using the form at http://juliencoquet.com/contactform.html?id=rezwanmirza
In the company field, enter “Barclays” so I’ll know it’s from you.

Rezwan: OK

Me: Once you upload the documents, you’ll get a receipt from a secure e-mail address, we can keep the discussion going from there. I presume you’ll need to send over account statements and other documents?

Rezwan: Ok, I will get in contact as soon as possible ok

Me: It must be late for you in Dubai already

Rezwan: Yes that is right [liar, he’s in Ghana, in the same timezone as me]

[Uh oh, this is going to take ages, let’s look greedy/desperate]

Me: Let me know when you’re done, I still havent received any documents from you.

Rezwan: Ok, Am busy now

[Let’s smack him around a bit for being an insolent prick.]

Me: Oh I’m sorry, I thought an operation of that magnitude was important to Barclay’s. You do not sound very reliable right now.

Rezwan: Sure it is but I can not send documents to you right since we have not yet started the business

Me: Can you at least use the form to upload the authorization form and start the business?

That’s when he clicks the link, pops up in real-time reports and sure enough,Google Analytics places him in Ghana which looks in no way like Dubai. As if I needed proof, this is the first concrete indication that he is not who he says he is.

At that point, Rezwan needs mental bleach to survive the shock site experience.

Me: My system indicates a hacking attempt from Ghana. This could be an indication that your Skype account may be compromised and used by crooks in Ghana to scam people. I urge you to take the necessary measures to secure your network.

Rezwan: [string of expletives related to my alleged sexual preferences]

The conversation goes downhill fast from there as I try telling him that since he was about to scam me and waste my time, I’d waste his, with little to no effort on my part. That obviously did not please him. He apparently has intimate knowledge of my mother and grandmother, which I had never suspected. Block and report. End of story. Farewell, Rezwan.

Of course, Rezwan is just an example; I have gone much further down the rabbit hole, wasting scammers time, but it’s a story for yet another post.

Found your calling as a scammer hunter?

Scamming scammers has become something of a sport. Using Google Analytics to confront them after they lie to your face about where they are is just an added bonus.

If you too wish to have a little fun at the expense of scammers, here are a couple Google Analytics tips.

To get a better view of the countries my scammers hail from, I can either use a landing page report with a country secondary dimension or use a country report with a segment applied:

google analytics scammers segment

You can also create a custom report that yields the same results:

google analytics scammers custom report creation

Either way, you will get a table similar to the following:

google analytics scammers report

In my case, being French, I get a lot of hits from scammers from the Ivory Coast, the runner-up to Nigeria. And the “ladies” are waiting in line to talk to me apparently.

google analytics scammers hangout

In conclusion

Here is the part where I wax philosophical and wonder how much time I really spend trolling scammers. The answer is: not that much, surprisingly. Most of the time I ignore, report and ban similar requests but every once in a while, I will indulge and visually and verbally rough up a scammer or too.

Whether you go the Google Analytics route or just troll your scammer, here are a few rules:

  • Do not use your real name.
  • Never disclose any kind of personal information
  • Never send photos
  • Never accept a call or webcam request (my camera is broken).
    They will try and get you to get naked on camera and then blackmail you.

What about you? Have you had experiences with scammers via chat or e-mail? How did you respond? How far did it go?



Digital analytics and marketing expert, director of analytics services at Business & Decision & Chief Evangelist at Hub'Scan, a tag auditing solution