The 419 Scam: What It Is and How to Protect Yourself From It

These Nigerian email and DM scams are incredibly common but avoidable

What to Know

  • The 419 scam is usually an online scam that pretends to come from a person in need of financial help often during December or January.
  • Aka the Nigerian money scam or fee-advance scam, scammers can ask for money via email, direct message, phone call or text.
  • The bottom line: Never send money to someone you don't know.

This article explains what the scam is, how it typically works, and what to do if you've already become a victim. If you haven't, learn what to do to avoid becoming one.

What Is the 419 Scam?

Nigerian scams are some of the most well-known cons around and are often one of the first examples people think of when discussing online fraud. One of the reasons the Nigerian scam—its 419 name from the Nigerian criminal code for the law that deals with these sort of scams—is so famous is because of the sheer number of people who have received a scam email from a suspicious Nigerian-based sender.

Most of your friends or family would have received at least one of these dodgy emails over the years and you may have even seen some TV shows, such as South Park, feature storylines about it.

The 419 scam is also one of the oldest online scams, having been around since the early days of email, and even predates the internet itself. Before the net, scammers would attempt to convince people to send them money over the telephone or via an old-school paper letter.

Despite how well-known the 419 scam is, many people continue to be scammed out of money every year all over the world. Exact U.S. data is hard to come by, but an official report by the Australian government states that in 2018, 878 people in the country filed reports after falling victim to a 419 with all of them being collectively scammed out of a total of $1,379,285.

How Does the 419 Scam Work?

The 419 scam usually begins with an email, direct message or DM, phone call, or text message from someone in Nigeria claiming to need help. Once trust is established, the conversation evolves into requests for small sums of money and eventually escalates into requests for even larger amounts.

According to a government report, the majority of 419 scams tend to occur in the months of December and January and are initiated via email, social media, phone calls, and text messages. Only 2.1% of 419 scams were done via traditional snail mail and just 1.5% were done in person.

The scammer typically prefers the money be sent to them via methods that don’t usually support refunds, reversals, or reimbursements, and those that can make it more difficult for them to be identified.

Chart showing most-active months for the 914 Nigerian scam.

For example, a credit card payment can often be reversed if you find out you’ve been scammed, so a person committing 419 fraud would request you send money via postal money order, cashier's check, wire transfer, or with a cryptocurrency such as Bitcoin or Ripple.

How Do the 419 Scammers Find Victims?

Victims of 419 scams tend to be almost 50/50 men and women in every age demographic above 25 years old so it’s unclear if the scammers target particular groups or not. Given the ease at which individuals and groups can email and message multiple people at once nowadays, it’s likely that 419 scammers simply initiate conversations with as many people as they can and then personally respond to those that take the bait and reply.

Email addresses and phone numbers are often collected by bots that scan the web for personal contact information or by scanning data sourced from a system hack or security breach.

How Do I Avoid Getting Involved in This Scam?

The easiest way to avoid getting involved in a Nigerian scam is to simply not reply to any emails or messages that you get from complete strangers asking for help from a foreign country. Even if the communications look professionally written, it’s always best to assume that they’re a scam unless you know the company or person that the message is from.

If a friend or family member messages you on Facebook, Twitter, or another app, and asks you for money, you should always call them to confirm their identity as their social media account may have been hacked and you could be talking to a scammer.

I’m Already a Victim. What Should I Do?

If you find yourself being a victim of fraud or a scam, the first thing you should do is contact your bank and try to get any transfers that you’ve made reversed. If you’ve sent someone money via PayPal, you may be able to get a refund by following the correct steps. All cryptocurrency payments are unfortunately irreversible due to the nature of the blockchain technology behind Bitcoin and other crypto coins.

Depending on how much information you’ve given to the scammer, you may need to change all of your associated usernames and passwords and cancel your credit card by calling your financial institution or credit card company. The good news is that most of this can be done relatively quickly.

If you’ve given the scammer the private keys to a cryptocurrency wallet, something which you should never do, you’ll need to send all of its funds to another wallet of the same type under your control immediately as that wallet is now compromised and can be accessed by the scammer. Changing the username and password on the wallet’s app won’t be enough.

You can file separate reports via the FBI website or local FBI field office and the Federal Trade Commission’s Complaint Assistant, however, it’s important to realize that this doesn’t guarantee that you’ll get all of your money back. Make sure to keep records of all of your communications with the 419 scammer in case they’re needed for a future investigation or court case.

How Do I Avoid Being Targeted for the 419 Scam?

To reduce the risk of Nigerian 419 scammers collecting your contact information and scamming you, it’s a good idea to try and refrain from typing your phone number and email address in emails, DMs, and social media posts unless absolutely necessary. You should also make sure that all of your accounts have strong, and completely different, passwords and to enable two-factor authentication on all of the services that support it.