INTELLIGENT BRANDS // Enterprise Security
Growing West African
cyber syndicate cannot
be ignored
West African cybercrime operations have matured from Yahoo boys
style and will likely soon reach the scale of global threat actors.
The Internet aids cybercriminals to do two
essential things in order to steal money
from victims—create fake personas and
attempt to defraud as many victims
as possible. Creating personas usually
involves obtaining several email addresses
for various online profiles, even on social
media, to support acts of fraud. Performing
fraud against potential victims, meanwhile,
involves sending them socially engineered
emails and messages.
As early as 2012, Trend Micro predicted
that we would see a cybercriminal
underground market emerge from the
Western Africa region. To more clearly
map the landscape, Interpol conducted
a survey among its member countries
in West Africa. The countries covered by
the Interpol Regional Bureau for West
Africa include Benin, Burkina Faso, Cape
Verde, Côte d’Ivoire, Gambia, Ghana,
Guinea, Guinea-Bissau, Liberia, Mali,
Mauritania, Niger, Nigeria, Senegal,
Sierra Leone and Togo.
Two major types of cybercriminals reign
in West Africa, so-called Yahoo boys
and next-level cybercriminals. Yahoo
boys excel in committing simple types
of fraud, advance-fee, stranded-traveler
and romance scams-fraud under the
supervision of ringleaders or masterminds.
Next-level cybercriminals, meanwhile, are
44
INTELLIGENTCIO
more experienced and prefer to pull off
long cons business email compromise
or BEC and tax scams-fraud or crimes
that require more time, resources, and
effort. They use malware keyloggers,
remote access tools-Trojans or RATs,
and other crime-enabling software
email-automation and phishing tools,
crypters, that are easily obtainable from
underground markets.
West African cybercriminals have one skill
they are particularly good at—defrauding
victims. But why resort to cybercrime? It
is actually quite simple, almost half of the
10 million graduates from more than 668
African universities each year do not find
employment. According to the Interpol
survey, West African law enforcement
agencies recognise that about 50% of
the cybercriminals that they identified in
the region are unemployed.
Note that West African cybercriminals
are far more trusting than their French
counterparts, according to previously
published Trend Micro research. They
constantly communicate with one
another. They do not hesitate to share
know-how with fellow cybercriminals.
This is actually how newbie
cybercriminals learn to defraud potential
victims and eventually differentiate
themselves from others.
Advance-fee fraud also known as 419
fraud in the Nigerian Penal Code, romance
fraud, and the newer BEC fraud are not
only committed by known groups. Novices
start off committing 419 fraud then
move on to more complicated schemes
such as BEC fraud. Cybercriminal gangs,
meanwhile, may prefer to pull off romance
or BEC fraud. It all just depends on their
preferences, needs, and available resources.
The Interpol survey confirms that a West
African cybercriminal group will generally
commit multiple types of fraud.
Yahoo boys, dubbed such due to
their heavy use of Yahoo! apps for
communication via email and instant
messaging IM in the early 2000s, are
www.intelligentcio.com