Nigerian ‘Yahoo Boys’ Behind Social Media Sextortion Surge in the US

Security

Teenagers from Western English-speaking countries are increasingly targeted by financial sextortion attacks conducted by Nigeria-based cybercriminals, the Network Contagion Research Institute (NCRI) has found.

A majority of these happen on social media platforms like TikTok, Snapchat, Instagram, and Wizz.

Financial sextortion, the illegal act of adults manipulating minors, or other adults, into sharing sexually suggestive content online to extort their money, is the most rapidly growing crime targeting children in the US, Canada, and Australia, a new NCRI report said.

In October 2023, the FBI reported a 1,000% increase in financial sextortion incidents in the US over the past 18 months. This prompted several US government agencies to launch a national Public Safety Alert on the explosion of the threat.

Canada and Australia are observing a similar trend, with their domestic law enforcement agencies receiving between 200 and 300 complaints per month, respectively.

Source: Network Contagion Research Institute
Source: Network Contagion Research Institute

Instagram, Snapchat and Wizz, Top Sextortion Platforms

According to the US National Center for Missing & Exploited Children (NCMEC), social media is the platform of choice for these sextortion schemes to unfold.

Specifically, the following three apps are the top platforms for sextortion:

  1. Instagram
  2. Snapchat
  3. Wizz

Instagram, which does not offer a feature to hide your connections, is the most common vector that sextortion criminals use to target their victims, the NCRI report said.

“Specifically, nearly all financial sextortion attacks on minors involve the screenshotting of the victim’s Instagram followers/following lists and using those lists as leverage, threatening to send the victim’s intimate photos to all these accounts,” the report said.

Snapchat is most frequently utilized to coerce victims into sending a compromising photo once the attacker has gained the trust of its victims.

“Snapchat is the preferred app by criminals because its design features provide a false sense of security to the victim that their photos will disappear and not be screenshotted,” the NCRI said.

The third social media app most used for sextortion purposes, Wizz, is also the fastest rising. This Tinder-like dating platform targeting young teenagers (13+) is owned by the French group Voodoo.

“In the Google Play Store and the App Store, dozens of minors have reported that they were coerced into producing self-generated child sexual exploitation material (SG-CSEM) and blackmailed on Wizz – alongside other child safety concerns, including a high frequency of complaints that the app is serving pornographic ads to minors,” the NCRI researchers observed.

Nigerian Cybercriminals Behind the Surge

Almost all this sextortion activity comes from Nigeria-based cybercriminals known as ‘Yahoo Boys’, NCRI reported.

Their typical approach is to “bomb” high schools, youth sports teams and universities with fake accounts, using advanced social engineering tactics to coerce their victims into a compromising situation.

Although they are not necessarily part of a structured cybercriminal group, Yahoo Boys did start sharing their knowledge with each other.

For example, NCRI has found that they are now widely sharing sextortion scripts and instructional videos on TikTok, YouTube, and Scribd, encouraging other criminals to partake in sextortion.

Source: Network Contagion Research Institute
Source: Network Contagion Research Institute

The sextortion surge observed in the US, Canada and Australia is “a direct result” of this knowledge-sharing, NCRI concluded.

However, little has been shared about the individuals specifically involved in the current financial sextortion surge.

“To date, there are only three known indictments of these criminals in court records and public reporting,” said the report.

Source: Network Contagion Research Institute
Source: Network Contagion Research Institute

Who Are the Yahoo Boys?

The term ‘Yahoo Boys’ started to be used in the early 2000s to refer to financially motivated young Nigerians conducting phishing scams – an activity commonly called ‘yahoo yahoo’ or ‘419 fraud’ in Nigerian slang – using Yahoo.com email addresses.

They are the original ‘Nigerian Princes,’ who have shifted in recent years to conduct elderly fraud, fake job scams, and romance scams.

Despite what some reports sometimes indicate, Yahoo Boys are not part of one unified cybercriminal group but form a nebulous subculture group. Although they might share tips and tricks, they typically operate individually or structured in small groups.

Products You May Like

Articles You May Like

The complexities of attack attribution – Week in security with Tony Anscombe
How Confidence Between Teams Impacts Cyber Incident Outcomes
U.S. and Microsoft Seize 107 Russian Domains in Major Cyber Fraud Crackdown
How to Get Going with CTEM When You Don’t Know Where to Start
Why system resilience should mainly be the job of the OS, not just third-party applications

Leave a Reply

Your email address will not be published. Required fields are marked *