Assessing the expertise of the person responsible for a scam is extremely subjective and usually not possible. But you may encounter clues that offer a glimpse into this aspect.
If you observe a series of scams that are clearly related, then you might want to look at the timeline of events that occur in each of them. A professional con artist is going to set up a scam, announce it via email, collect some data, and then shut it down quickly. In many cases, a series of scams will be run back to back in order to maximize the return and minimize the risk of being caught. But if the timeline is spread out over weeks or months, you might infer that the author is less experienced. Similarly, this might suggest someone working alone rather than as part of an organized gang.
Mistakes made in the setup of a web site suggest inexperience on the part of the author. The first case study in Chapter 11 serves as a good example of this.
If you are fortunate enough to access the source of server-side scripts on a web site, then you may be able to assess the author’s level of programming skill. In particular, it may reveal whether the script is the work of the scammer or whether it is part of a distribution kit, as was the case with the PHP script shown in Example 5-4 in Chapter 5.
One of the best indicators of expertise is whether the web site has been set up on its own server or been surreptitiously inserted into an existing site. The former implies that they have the resources needed to set up a server and the confidence that they will not be revealed. The latter requires that the scammers have the skills necessary to break into someone else’s server, although the widespread availability of scripts to exploit known vulnerabilities challenges that assumption.