Nigerian scammer infects himself with malware

shotfoot

Look, you may not appreciate how laborious it is to be a Nigerian prince trying to smuggle funds out of the country.

It would be such a help if people would just hand over the small amounts needed to, you know, draw up an affidavit, pay the fees for the checks so they can clear, cover the contract tax, stamp the duty payment, grease some palms, or, say, get human body parts to satisfy the voodoo part of the deal.

But hey, you do what you have to do to get free money to strangers, right?

Or, at least, to weave such elaborate scams to try to convince strangers you’re giving them free money instead of running a 419 scam.

With all the work it takes, it’s no wonder that Nigerian royalty – that translates into “Yahoo Boys”, on the “yea, tell me another one!” side of the coin – are turning to a more lucrative source.

Namely, businesses that they can target with Man in the Middle (MiTM) attacks.

In April, the FBI warned about a dramatic increase in this type of scam, which is known as business email compromise scam, or BEC.

Between January 2015 and April 2016, the FBI said, it’s seen a 270% increase in identified victims and losses. And those losses are way bigger than the relatively petty “fees” that Nigerian scammers had been gouging out of people: in Arizona, the average loss per scam was between $25,000 and $75,000.

Now that’s more like it!

Last week, we saw a Nigerian man get arrested for a few of these business email scams: in one flavor of BEC, a business’s email would be compromised, emails from the business’s suppliers would be intercepted, and fake messages were being sent to the buyer with instructions to make a payment to one of the conman’s own bank accounts.

There was news of another Nigerian business email scam last week out of the Defcon hacker conference in Las Vegas. Researchers from Dell’s SecureWorks spotted it in February when they came across a keylogger that was sending unsecured data to an open web server.

Researchers Joe Stewart and James Bettke say that the fraudsters, based out of West Africa, are calling their new scam “wire-wire,” “waya-waya,” or “the new G-work.”

They managed to trace the keylogger back to a group of Nigerian scammers with more than 30 members who’ve used wire-wire to bilk some $3 million out of businesses a year.

The group might still be at it today, were it not for the convenient fact that one prominent member shot himself in the foot and accidentally infected himself with his own malware.

Thanks to that “D’oh!” move, his infected system was uploading screenshots and keystroke logs to an open directory on a web server.

We preach security hygiene, but the case of a scammer infecting himself is one of those rare occasions where we applaud somebody falling flat on their face!

The FBI has tips on how to protect your business from this type of fraud:

  • Be wary of email-only wire transfer requests and requests involving urgency.
  • Pick up the phone and verify legitimate business partners.
  • Be cautious of mimicked email addresses.
  • Practice multifactor authentication: you might know it better as two-step verification (2SV) or two-factor authentication (2FA).

…but hopefully, scammers will keep up the sloppiness and keep infecting themselves.