In Wire Wire: A West African Cyber Threat, researchers from Secureworks reveal their findings from monitoring a Nigerian bank-fraud ring whose members had unwittingly infected themselves with their own malware, which captured their keystrokes and files and uploaded them to a file-server from which the researchers were able to monitor their activities and methodologies.
The fraudsters were using their malware to perpetrate a scam they call "Wire-Wire," a more sophisticated version of the Business Email Compromise (BEC) scam. In a BEC scam, fraudsters send phishing emails to company employees in an attempt to induce them to transfer money to overseas accounts controlled by the scammers, by pretending that these are invoice payments for the business's normal overseas activities.
With Wire-Wire, the scammers "bomb" employees with phishing emails with malware links and attachments, and employees who fall for it find their computers infected with keyloggers and spyware. The scammers use this software to send more fraudulent email from the compromised accounts to higher-level employees, either tricking them into installing more malware, or inducing them to make wire transfers to the scammers' accounts.
The researchers observed Wire-Wire scores of $5,000 to $250,000, with the average between $30,000 and $50,000, from small- and medium-sized businesses. The scammers themselves were "well-respected and admired" in their communities.
Bettke and Stewart estimate the group they studied has at least 30 members and is likely earning a total of about $3 million a year from the thefts. The scammers appear to be "family men" in their late 20s to 40s who are well-respected, church-going figures in their communities. "They're increasing the economic potential of the region they're living in by doing this, and I think they feel somewhat of a duty to do this," Stewart says.
After the fact, it can take a while before the customer and seller realize they've been scammed—often, neither buyer nor seller realizes that something is amiss until the shipment or payment is overdue. Given their vantage point, Stewart and Bettke have tried to alert some businesses to the scam before the fraudulent transactions are complete, but they sometimes have a hard time persuading employees that they aren't scammers themselves.
Wire Wire: A West African Cyber Threat
[Joe Stewart and James Bettke/SecureWorks]
[Amy Nordrum/IEEE Spectrum]