Report on the West African threat landscape

Trend Micro in partnership with INTERPOL recently released a report on the West African threat landscape titled “Cybercrime in West Africa: Poised for an Underground Market.”

The 34 page report among other things examines the current state of cybercrime in West Africa, West African cybercriminal tools and West African underground market.

Some excerpts from the report as published on the Trend Micro website states thus:

There are two major types of West African cybercriminals—Yahoo boys and next-level cybercriminals.

Yahoo boys are typically 20−29 years old and like to brag about their ill-gotten gains on social media, particularly on Facebook. They have been dubbed such due to their use of Yahoo! Apps in the not-so recent past. These days, they more heavily rely on social media for both communication and their criminal operations. They have basic technical know-how and typically work as part of a group supervised by a ringleader and mastermind.

Yahoo boys are likely to pull off the following scams:

  • Advance-fee scam: Scammer pretends to be a member of a royal family seeking help with regard to the transfer of wealth. Other variations include the scammer informing the victim that he/she has won the lottery.
  • Stranded-traveler scam: Scammer masquerades as a victim of a very unfortunate circumstance (an “emergency”) while traveling abroad and seeks the victim’s immediate financial assistance.
  • Romance scam: Scammer leverages the trust and romantic relationship he/she has built with the target users to ask for financial support.

Next-level cybercriminals, meanwhile, are the complete opposite of Yahoo boys. They are relatively older (around 30 or older) and more technically adept. They frequent and purchase their tools (keyloggers and remote access tools/Trojans [RATs]) from underground forums. They also have ties, financial accounts, and networks in the countries their targets reside in. This helps them more smoothly carry out operations.

Next-level cybercriminals prefer to pull off “long cons,” more often related to more complex scams like:

  • Business email compromise (BEC) scam: Scammer compromises the email account of an executive and tricks the company’s finance department to wiring large sums of money to an account he/she controls. BEC scammers have amassed US$3 billion from October 2013 to May 2016 from pulling off this type of scam.
  • Tax scam: Scammer pretends to be an executive of the target company asking for W2 information from its human resources department in hopes of stealing tax returns intended for certain employees.

In a nutshell, there is an emerging underground market in West Africa according to the report, and more concerted efforts are needed to nip this in the bud before it evolves into a sophisticated market.

Categories: Cyber Crime

Tags: , , ,

Leave a Reply

%d bloggers like this: