Nigerian Cybercriminals Attack US Companies with Malware

Nigerian scammers, mostly known for the infamous "Nigerian Prince" scam and romance scams are now stepping up their game and making their operations more sophisticated.

In August 2019, the FBI made a significant bust by offering some insight into the growing capabilities and scale of Nigerian scammers online. Federal agents made 14 arrests of online con artists working on US soil, part of a network of cybercriminals. They also named another 66 in a 252 count federal grand jury indictment. The scammers managed to defraud victims of up to $10 million, in what the FBI calls one of the most significant cases of its kind in US history. The ring had tried to steal about $40 million from victims across the world and the United States.

A Palo Alto Networks report released recently mentioned they researched the Nigerian cybercriminals for five years, trying to show how they're growing more proficient at what they do. They began using more sophistication in their tactics and tools, working on Business Email Compromise (BEC) scams, a far cry from the blatantly apparent scams of 15 years ago.

Although Nigerian scammers were considered an emerging threat when it comes to malware attacks, evidence uncovered recently shows they are evolving in their ability. According to the FBI, they were showing signs of maturing their operations to a level of threat close to groups known for malware packaging and delivery techniques. Palo Alto Networks noted they tracked about 27,000 samples of malware connected to Nigerian threat actors. Researchers noted that the enormous amount of BEC scam attempts by Nigerian actors had a 172% increase in 2019 over the actions over the previous year.

What makes a BEC scam so dangerous?

Scammers use hacked email accounts to convince individuals and businesses to make payments. The scam allows the cybercriminals to learn more about personnel in targeted companies that are responsible for processing payments and transfers. They can then use that information to target individuals and businesses that perform those regularly.

BEC attacks led to 1.7 billion dollars in losses over 2019, more than the losses resulting from identity theft, phishing, credit card frauds, and romance scams, according to the Crime Complaint Center of the FBI.

The actions taken by these scammers come at the expense of most Nigerian citizens, students, and tourists or businesses as they are subject to increased scrutiny. The Nigerian government made serious efforts to curb the online fraud right from the source by giving more power to their anti-fraud agency. Although the Nigerian scammers are growing more sophisticated, they remain indiscriminate in their targeting. From large and small businesses, US government institutions or healthcare companies, all are fair game to the cybercriminals behind these frauds. Tech companies are the most significant target, with more than 313,000 attacks last year, more than twice the number of attacks compared to 2018.