Have you ever received an email from a Nigerian prince? Did he ask you to help him move billions of dollars out of his country? Did he offer you a substantial reward to help him? On the surface it sounds like a joke, but more than 100,000 people fall for it every year in the U.S. alone.
However, that number is on the decline as the scam's notoriety grows. Who hasn't heard of this scam by now? While people are wising up to these outlandish Nigerian scams (which also includes bringing a lost Nigerian astronaut home from space), it just means the scammers are coming up with new ways to trick you.
One of those new ways is called "wire-wire" and it's a spin on the traditional B.E.C. scam. The B.E.C. scam tricks employees of a legitimate business into relinquishing sensitive information by sending a disguised email "coming from" the company's payroll department or CEO. Only this "wire-wire" scam is much more difficult to spot.
Or is it?
This time around, Nigerian scammers have gotten a taste of their own medicine. While working their wire-wire scams, five Nigerian hackers accidentally infected themselves with their own malware. All the while, a group of security researchers here in the states has observed this scam in action and learned how it works. The duo of James Bettke and Joe Stewart will present their findings on this new scam at this week's Black Hat Security Conference in Las Vegas.
Since Bettke and Stewart discovered the crime ring in February, they were able to view the criminals' screenshots and keystrokes. They determined that the hackers were using easy-to-access marketing tools to grab business' employees' email addresses. The scammers then start "bombing" these email addresses with messages full of malware, malicious links and infected attachments.
If the recipient does what the hackers want them to, which is click and download their malware, the scammers now have access to passwords and that means they're now inside the system, but they don't attack right away. They'll wait and follow the infected computer's activity until financials are revealed or when a financial transaction needs to take place.
Once a financial transaction is made (that's where the wire-wire comes in) the hackers will spoof or imitate an email address intended to look like the legitimate recipient and reroute the money into their own accounts rather than the intended destination. Transactions discovered by Bettke and Stewart show that these wire transfers average between $30,000 and $60,000 with the highest transaction being $400,000 and totaling an estimated $3 million.
The rest is history. Most victims don't know they've been scammed until it's too late - usually when the company notices a missing payment or if a shipment doesn't show up.
Now that the scam has been identified, Bettke and Stewart have tried to correct the problem and alert the public about this scary new, hard-to-detect scam.
The pair is recommending that businesses enable two-step verification for their employees to log into their systems and have created a program that can alert employees to suspicious activity. You can also read their full analysis on the SecureWorks blog.
Fighting against this scam will be somewhat difficult because it is so complex, but these five mystery hackers in Nigeria have made it a little bit easier.