Look, you may not appreciate how laborious it is to be a Nigerian prince trying to smuggle funds out of the country.
It would be such a help if people would just hand over the small amounts needed to, you know, draw up an affidavit, pay the fees for the checks so they can clear, cover the contract tax, stamp the duty payment, grease some palms, or, say, get human body parts to satisfy the voodoo part of the deal.
But hey, you do what you have to do to get free money to strangers, right?
Or, at least, to weave such elaborate scams to try to convince strangers you’re giving them free money instead of running a 419 scam.
With all the work it takes, it’s no wonder that Nigerian royalty – that translates into “Yahoo Boys”, on the “yea, tell me another one!” side of the coin – are turning to a more lucrative source.
Namely, businesses that they can target with Man in the Middle (MiTM) attacks.
In April, the FBI warned about a dramatic increase in this type of scam, which is known as business email compromise scam, or BEC.
Between January 2015 and April 2016, the FBI said, it’s seen a 270% increase in identified victims and losses. And those losses are way bigger than the relatively petty “fees” that Nigerian scammers had been gouging out of people: in Arizona, the average loss per scam was between $25,000 and $75,000.
Now that’s more like it!
Last week, we saw a Nigerian man get arrested for a few of these business email scams: in one flavor of BEC, a business’s email would be compromised, emails from the business’s suppliers would be intercepted, and fake messages were being sent to the buyer with instructions to make a payment to one of the conman’s own bank accounts.
There was news of another Nigerian business email scam last week out of the Defcon hacker conference in Las Vegas. Researchers from Dell’s SecureWorks spotted it in February when they came across a keylogger that was sending unsecured data to an open web server.
Researchers Joe Stewart and James Bettke say that the fraudsters, based out of West Africa, are calling their new scam “wire-wire,” “waya-waya,” or “the new G-work.”
They managed to trace the keylogger back to a group of Nigerian scammers with more than 30 members who’ve used wire-wire to bilk some $3 million out of businesses a year.
The group might still be at it today, were it not for the convenient fact that one prominent member shot himself in the foot and accidentally infected himself with his own malware.
Thanks to that “D’oh!” move, his infected system was uploading screenshots and keystroke logs to an open directory on a web server.
We preach security hygiene, but the case of a scammer infecting himself is one of those rare occasions where we applaud somebody falling flat on their face!
The FBI has tips on how to protect your business from this type of fraud:
- Be wary of email-only wire transfer requests and requests involving urgency.
- Pick up the phone and verify legitimate business partners.
- Be cautious of mimicked email addresses.
- Practice multifactor authentication: you might know it better as two-step verification (2SV) or two-factor authentication (2FA).
…but hopefully, scammers will keep up the sloppiness and keep infecting themselves.
8 comments on “Nigerian scammer infects himself with malware”
Could just have been headlined “Scammer infects himself.” Not sure of the need to tag it Nigerian as though there wasn’t enough bad press already about NIGERIA. But then again, I’m not sure I would have read it if it wasn’t tagged that way.
Well, it could have been headlined “man gets keylogger,” which is the core of the story.
In general, I disapprove of using “Nigerian” as a generic adjective for referring to advance fee fraud, for a number of reasons. Firstly, as Africa’s most populous country (and the one with the biggest diaspora), a random person from Africa is more likely to be from Nigeria than anywhere else. Secondly, what you said. No need to rub salt into the wound. Thirdly, associating advance fee fraud specifically with Nigeria does make other countries sound “safer,” even though one of the big hassles in fighting cybercrime is its truly global nature. Fourthly, using terms like “Nigerian fraud” does imply that all Nigerians should be treated as rotters by default, which is a bit unfair!
However, in this case…it’s true. The story quite literally does involve a Nigerian scammer…so I smiled at the headline, which is sort-of a silver lining.
I’d have gone with a sporting headline – “Yahoo Boy scores Own Goal”.
I don’t waste my time reading stereotypical stuffs written with the impression that all Nigerians are bad. I v long uncovered the ridiculous western ‘ condescending paternalism’ towards Africans and I can only pity you for your jaundiced views.
Whilst Stereotypes can have highly undesirable consequences, they are a natural cognitive phenomenon that allows us to process information effectively and efficiently. Whilst it might be unfair on the majority (?) of law abiding Nigerians to label scammers as Nigerian, it serves to protect ordinary internet users when they get an email from a Nigerian prince or dating site response from someone living in Nigeria. They can make a quick decision to delete the communication and block the user. Before you start saying this is unfair. Nigeria has a very high rate of larcenous behaviour so such a probability exclusion can be very effective. I don’t think I have yet missed an opportunity by having strict junk email filters that bin all emails with the words Nigeria, Ghana etc.
Thanks for this story… it made my day. And you chose the perfect pic to go with it!
When you pick up the phone to your supplier to confirm the new payment details, just be sure not to dial the 00 234 1 … phone number that appeared in the email.
You know how to keep Nigeria from getting bad press?
It would be for Nigerians to stop doing bad things.
Pretty simple really.