Scamming is Highly Organised

One of the oldest tricks in the book is the “Nigerian Prince Scam", the advance fee come-on that’s come to be known as “419 fraud” after the section of the Nigerian criminal code that makes it illegal.

The Nigerian underworld has evolved too, as organised cybercrime groups don’t restrict themselves to one type of criminal activity; rather, they operate like a growing business, running a variety of different scams at once to bring in money from many sources. Security researchers at Agari (an email security company) discovered this after tracking a large West African criminal group over the course of six months and reconstructing the timeline of its growth and activities since 2008.

Craigslist scams between 2008 and 2010. These scams netted them an average of $24,000 per month, which they split between them. One of these individuals, who Agari calls “Alpha,” started carrying out romance scams in 2010. Alpha would manipulate his victims into handing over their money until they had no more to give, at which point he would use them as mules to assist him with more scams.

The researchers relate the sad story of one of these victims, who was exploited by Scattered Canary until her death in 2017. Even after her passing, the group still used her personal information to carry out crimes, which the researchers say “exemplifies the lengths to which these groups use and reuse their victims until there is literally nothing left to exploit.”

In late 2015, Alpha began launching widespread phishing campaigns, and partnered with other scammers. In 2016, the group started branching out into more targeted BEC attacks, while still running romance scams and credential phishing.

By 2017, Agari says Scattered Canary was a “well-oiled machine,” with numerous employees in various roles. They began phishing US government agencies, knowing that they were safe in Nigeria, since they could bribe local law enforcement to leave them alone.

The group now churns out BEC scams to every target they can find, using online lead services to search out potential victims. In November 2018, Scattered Canary tried to launch a BEC attack against Agari’s CFO, which led the company’s researchers to begin looking into the group. The researchers say the scope of the group’s activities shows that organized cybercrime has reached unprecedented heights.