Businesses the New Target for Nigeria’s 419 Cyber-Scammers

Nigeria's 419 Scammers Changing Targets

Nigeria has long been a hotbed for cyber scammers notorious for preying on individuals to steal funds using social engineering techniques, but according to a new report, now businesses are becoming their targets and data theft their objective. Global Digital Forensics’ founder talks about the importance of social engineering awareness for businesses, how that critical awareness can be raised, and why regular testing is vital.

419 scammers changing targets

As reported in this article published by Infosecurity magazine on July 23rd, new research by Palo Alto Networks shows that Nigeria’s infamous 419 scammers are starting to rewrite their playbook, now focusing more on businesses and their digital treasures instead of targeting individuals en masse who have become increasingly wise to their tactics over the years. Global Digital Forensics (GDF) founder and CEO/CTO, Joe Caruso, talks about the evolution of 419 scams and what organizations can do to help protect themselves from the onslaught.

As technology has evolved, so too have 419 scammers

419 scams got their name from the article of the Nigerian Criminal Code dealing with fraud, in particular, confidence jobs which con targets with the promise of a large sum of money which will require some sort of fee up front in order to be released, and they’ve been at it for decades. Years ago, actual phone calls, letters in the mail and faxes where their chosen attack vectors, but when the Internet finally became the preferred mode of communication, 419 scammers quickly adjusted and saw their ill-gotten gains multiply like never before, thanks to the global audience now at their fingertips who were largely inexperienced in recognizing the social engineering tricks these scammers spent years refining. Post offices, phone calls and faxes originally used had substantial up-front costs for these 419 scammers, but email, and now social networking sites, are free, making the overhead to reach millions of potential victims virtually nil.

Coming to an inbox near you

As Caruso points out, “Anybody with an inbox has most likely seen 419 scam attempts many times. All those lotteries you seem to have won, all those super-wealthy long-lost relatives you never knew you had leaving you a substantial inheritance, strangers that seem to have decided you are such a good person they chose you to carry out their dying altruistic wishes, and when current events dictate, even those pleas from warzones or disaster areas asking for help to transfer funds out of the country, which of course you will be handsomely rewarded for doing, are all old favorites which are still used every day. Unfortunately, those who can least afford to be stung are the ones who typically do get caught in the web, like elderly folks on a fixed income, the unemployed and desperate, and poorer developing countries who are just plugging into the online world and have never seen their tactics before. Everybody gets tempted the first time they see the notification of their lottery winnings, but these days most know it’s all bull and move on. That’s most likely the reason 419 scammers are starting to change their crime model, moving from individuals to businesses and looking for valuable data to steal right off a business system or network instead of playing the effort-intensive long cons they’ve relied on for so long. Now all they have to do is get one person in an organization to open an email attachment or follow a link which will install a RAT (Remote Access Trojan), and they will have the access they want and often free reign over all the organization’s sensitive data and digital assets to steal funds directly, sell it off for real cash on underground black market sites, or even use what they find for blackmail or extortion if the opportunity presents itself. After all, how much would an organization be willing to pay to avoid having their IP (Intellectual Property) and other trade secrets from landing in a competitor’s hands and driving them out of business altogether. But there are key things organizations can do to substantially reduce the chance of becoming their next victim, and it all has to do with awareness and testing.”

To defend against 419 scammers, regular testing and raising awareness enterprise-wide are crucial

“The essence of a 419 scam is not advanced malware or technological savvy, it’s all about preying on the weakest link in any cyber security chain, the human element,” says Caruso. “If a 419 scammer can successfully set a hook in just one individual in an organization by playing on their curiosity, ego, desperation, or even pure greed, that’s all it takes for an attacker to basically assume the victim’s role as an insider of the organization, with all their access and privileges to move about the network freely. That means after the malicious attachment has been opened, or the link followed to a malicious site is clicked, which downloads and installs the attackers RAT malware on their system and/or network, attackers can move sideways within the network without being detected, essentially allowing them to pick and choose what data, from confidential company information to full credentials, they can best leverage for profit. So clearly it’s paramount to stop that initial breach from occurring, and if it already has, to find the malware and eradicate it as quickly as possible. That’s why we put such a strong focus on social engineering during our professional vulnerability assessments and penetration testing (pen-testing) . We will not only run deep scans on the entire network to weed out rootkits and other nasty malware that standard signature-based antivirus and anti-malware simply cannot detect, we’ll also assume the role of real-world attackers and use the social engineering ploys they use. We’ll create realistic looking fake websites to entice users to divulge their credentials, we’ll launch well-crafted phishing and spear phishing campaigns, and even make phone calls, all with the express purpose of gaining that trusted access which attackers covet, without all the nasty consequences that come with a real attack. And after all is said and done, we’ll not only have existing dangers like malware eradicated, but we’ll also be able to use our successes from the pen-testing phase to drive home what needs to be covered and improved from an awareness perspective. Nothing has a teaching impact like catching users red-handed, and to date, we’ve never failed to infiltrate a network we set out to. From there we can offer customized security solutions and even arrange in-house training to raise that vital awareness across the board by using the lessons from our testing as a springboard to a stronger overall cyber security posture for any organization.”

Don’t become the next victim, expert help is only a phone call away

*Global Digital Forensics is a recognized industry leader in the fields of computer forensics , cyber security and emergency incident response , with years of experience assisting clients in the government, banking, healthcare, education and corporate arenas. For a free consultation with a Global Digital Forensics specialist, call 1-800-868-8189 about tailoring a cost-effective plan which will meet your unique needs, without wasting resources on solutions you simply don’t need. Emergency responders are also standing by 24/7 to handle intrusion and data breach emergencies whenever and wherever they arise. Time is critical if a cyber incident has occurred, so don’t hesitate to get help. For more information, visit our cyber security page.