Ever received an email supposedly from a Nigerian prince informing you that you’re an heir to his family’s fortune? Chances are you’ve encountered an advance-fee scam (aka a Nigerian prince scam). It is one of the oldest, most common tricks used by West African cyber criminals.
While West Africa has no underground market yet to speak of, a surge in cyber criminal activity reports in the region suggest that it is going toward that direction. The most probable reasons? Poverty and unemployment.
The INTERPOL survey conducted for the joint research with Trend Micro revealed that cybercriminals steal an average US$2.7 million from businesses and an average of US$422,000 from individuals each year.
Profiling West African cyber criminals
Unlike their French counterparts who are cautious and wary of even their peers, West African cyber criminals willingly share their technical know-how and best practices. They constantly communicate with one another and even work in tight-knit groups via email and social media.
>See also: Big Data in the developing world
There are two major types of West African cybercriminals—Yahoo boys and next-level cyber criminals.
Yahoo boys are typically 20−29 years old and like to brag about their ill-gotten gains on social media, particularly on Facebook. They have been dubbed such due to their use of Yahoo! Apps in the not-so-recent past.
These days, they more heavily rely on social media for both communication and their criminal operations. They have basic technical know-how and typically work as part of a group supervised by a ringleader and mastermind.
Yahoo boys are likely to pull off the following scams:
- Advance-fee scam: Scammer pretends to be a member of a royal family seeking help with regard to the transfer of wealth. Other variations include the scammer informing the victim that he/she has won the lottery.
- Stranded-traveler scam: Scammer masquerades as a victim of a very unfortunate circumstance (an “emergency”) while traveling abroad and seeks the victim’s immediate financial assistance.
- Romance scam: Scammer leverages the trust and romantic relationship he/she has built with the target users to ask for financial support.
Next-level cyber criminals, meanwhile, are the complete opposite of Yahoo boys. They are relatively older (around 30 or older) and more technically adept.
They frequent and purchase their tools (key loggers and remote access tools/Trojans [RATs]) from underground forums. They also have ties, financial accounts, and networks in the countries their targets reside in. This helps them more smoothly carry out operations.
Next-level cyber criminals prefer to pull off “long cons,” more often related to more complex scams like the business email compromise (BEC) scam: scammer compromises the email account of an executive and tricks the company’s finance department to wiring large sums of money to an account he/she controls.
BEC scammers have amassed US $3 billion from October 2013 to May 2016 from pulling off this type of scam.
Scammer pretends to be an executive of the target company asking for W2 information from its human resources department in hopes of stealing tax returns intended for certain employees.