The evolution of internet scammers

West Africa’s infamous internet scammers have evolved, dropping their impersonations of online love interests, princes and US soldiers in favour of hijacking corporate emails, and costing businesses hundreds of millions of dollars a year.

It is a much more lucrative venture that works by gaining access to corporate email login details or passing off almost identical addresses as the real deal. This scam is known as Business Email Compromise (BEC), according to a report issued last week by cybersecurity firm CrowdStrike.

These Nigerian rackets now dwarf other types of online criminal theft, amounting to at least $5.3 billion in losses between October 2013 and the end of 2016, said CrowdStrike and the US FBI’s Internet Crime Complaint Center.

“There’s a disproportionate amount of criminal gain they get from it,” said Adam Meyers, vice-president of intelligence at California-based CrowdStrike.

“The lion’s share of ill-gotten, fraudulent money is around these business email compromise attacks. It’s a huge problem for our customer set.”

Nigeria has become one of the hubs of BEC. Nigerian online fraudsters, known as “Yahoo boys”, became notorious for trying to pass themselves off as people in financial need, or Nigerian princes offering an outstanding return on an investment.

The capers became known as “419 scams” after the section of the national penal code that dealt – ineffectively – with fraud.

Yahoo boys even impersonated a US forces commander in Afghanistan to defraud people by asking for help in recovering the assets of deceased soldiers. It forced the commander to issue a Facebook statement saying he would never try to contact anyone asking for financial help.

Now the scammers have bigger fish to fry, with the potential gains amounting to hundreds of millions of dollars a year, according to CrowdStrike.

Behind the fraudsters is an organised crime network with its hands in human trafficking, drugs, prostitution, money laundering, email fraud and cybercrime, the CrowdStrike report said.

“The magnitude of this criminal threat has only recently begun to be understood,” it said.

The Black Axe gang sprang from Nigerian universities and now extends from Africa to North America, Europe and Asia.

Its targets have ranged from semiconductor makers to schools in US states including Connecticut and Minnesota, passing themselves off as executives and lawyers to trick employees into wiring sometimes millions of dollars a day into bank accounts.

From there, the money is quickly laundered through a series of bank accounts that can be traced to Hong Kong and China, where the trail often goes cold because diverging regulations foil monitoring, CrowdStrike’s Meyers said.

With that money, the Nigerian scammers are enjoying the high life, said Meyers, noting social-media accounts filled with pictures of them posing with luxury Mercedes cars, gold watches, jewellery and Champagne.

“It’s really hard to stop. You can’t stop it with anti-virus or any kind of software. It’s really kind of a human problem.” – Reuters