INK STICK MEDIA
The Nigerian prince has to be one of the most persistent phrases in cybersecurity — not unlike the scammers it is named after. It is so popular that one can argue that it is more of a cultural phenomenon than it is a cybersecurity term, making appearances on TV — see “The Office”; music — see YUNG LIXO’s “Scam from Nigeria”; and in everyday conversations. When I was fundraising for an event, a colleague based in the United States told me it would be harder for me to get funding because I come from “the land of Nigerian princes.”
At first, I rationalized that this obsession was rooted in the very real harm that Nigerian cybercrime causes around the world. Over time, though, I realized that this was shortsighted — the “Nigerian prince” is not a neutral term, but one that is rooted in a deep bias that, whether accidental or intended, obfuscates conversations around cybercrime and paints Nigerians as cybercriminals until proven innocent. It has led to an entire strata of social engineering scams — cyber attacks that prioritze manipulation tactics rather than particular technological tools — being incorrectly labeled as “Nigerian prince scams” with a ripple effect for Nigerians around the world.
“We need to reexamine – and rewrite – the historical context of the Nigerian prince,” an app developer friend told me, while we discussed an incident where a prospective employer told him that they “had a thing” against hiring Nigerians. He talked about routine rejections from prospective employers who weren’t willing to “risk it.” He’s not the only one, Nigerians routinely talk about being discriminated against in the international market due to their nationality and presumed risk of cyber criminality.
Magicians in the Mail
In his book “This Present Darkness: A History of Nigerian Organized Crime,” Stephen Ellis recalls the first cases of advance fee fraud in West Africa. The scammers would pose as African magicians and write letters to potential victims, promising them talismans and charms in exchange for money sent in advance. Many of these letters were sent abroad; by 1947, the British government had intercepted around 9,570 such letters and recovered around 1,200 pounds.
When the Internet came to Nigeria, the scams went online. It was just a few years after Nigeria had gained independence and a crash in global oil prices had sent the country into an economic crisis. Many Nigerians started taking odd jobs, often working in manual labor to make ends meet. Others turned to cybercrime, updating the advanced fee scam format of the “African magicians” to fit the digital age. Scam letters became e-mails and the “yahoo boys” were born.
At first, the “yahoo boys” would pose as Nigerian princes who were willing to share their riches with someone, as long as the would-be recipient could send them some money in advance. Today, their stories have expanded into everything from a stranded soldier in need of money to the classic romance scam, encompassing everything from advance fee fraud to identity theft. All of them, however, are unofficially classified as variations of the “Nigerian prince” scam and the scammers are referred to as Nigerian princes — even if their scams bear no resemblance to the Nigerian prince scams of the past.
As a young Nigerian journalist who specializes in cybersecurity, I often think about how this drives forward the assumption that the majority of social engineering scams (advance fee fraud, in particular) originate in Nigeria and how this assumption has created an unwritten rule that Nigerians are cybercriminals until proven otherwise. Even though there are plenty of cybercriminals who use social engineering in countries like Romania and Ukraine, there are no “Romanian princes” and the media tends to treat European cybercriminals with far more nuance than it treats their African counterparts.
The “Nigerian prince” is not a neutral term, but one that is rooted in a deep bias that, whether accidental or intended, obfuscates conversations around cybercrime and paints Nigerians as cybercriminals until proven innocent.
Meanwhile, the idea of a “Nigerian prince” has expanded to refer to everything from advance fee fraud to identity theft, wire fraud, or even social security fraud. It pushes the narrative that whatever the crime, the social engineering required is rooted in the methods of the “Nigerian princes” from the early days of the Internet. However, even this attribution is incorrect — as far back as the 19th century, the Spanish Swindler plagued Britain, posing as a prisoner with hidden treasures, promising victims some of his riches if only they would pay to help free him.
Damaging Narratives
Today, most cybersecurity researchers and professionals are careful with their language, motivated more out of a desire to help the public understand the nuances of advance fee scams than a desire to correct this narrative. Those who care about both stand out.
Dr. Suleman Lazarus, a visiting fellow at the Mannheim Centre for Criminology at the London School of Economics who specializes in the cultural circumstances of cybercrime in West Africa, said that the Nigerian prince scams ballooned in popular discourse because the stories make exciting copy. “It made [for] good news [material] that an African country that’s just gained independence was becoming popular for cybercrime,” he said in an interview.
“The Nigerian prince has more character than advance fee fraud or whatever because it is pegged on the identity of real people rather than an abstract term,” he continued, pointing out that this stereotype is rooted in racial and geographic bias and perpetuated by the media’s desire for sensationalism.
