The tactics of a Nigerian cybercrime group have been revealed, including their complex phishing techniques and extensive fraud scheme.
The findings, published by ESET in a blog post released earlier today, pertain to the actions of two individuals at the center of a criminal enterprise that resulted in losses of up to $1 million: Solomon Ekunke Okpe and Johnson Uke Obogo.
Okpe and Obogo have now been sentenced to four years and one year behind bars, respectively.
According to ESET, before their incarceration, the cyber-criminals utilized various fraudulent methods, including business email compromise (BEC), work-from-home fraud, check fraud and credit card scams.
The scammers used phishing attacks as their primary weapon to gain access to corporate email accounts and trick people and businesses into sending money to them without permission. They also relied on weak passwords to access the accounts of their targets.
“The takeaway? Always use long, complex, and unique passwords or passphrases to avoid having your access credentials easily guessed or brute-forced,” reads the ESET report.
After gaining access to victims’ accounts, Okpe and his team targeted employees of companies associated with the victims by extensively researching publicly available information. The cyber-criminals then composed personalized emails that were difficult to recognize as fraudulent.
ESET also highlighted how the scammers employed work-from-home scams, masquerading as legitimate employers and preying on job seekers. They also prayed on victims using romance scam tactics.
“After gaining victims‘ trust, Okpe and others used them as money mules to transfer money overseas and receive cash from fraudulent wire transfers,” ESET wrote.
“Many romance scammers borrow from the same playbook, which makes it easier to recognize and stay safe from their tricks.”
A list of recommendations aimed at protecting individuals from scams like this is available in the ESET blog post.