The Culture of Cybercrime in West Africa
Credit to Author: Ed Cabrera (Chief Cybersecurity Officer)| Date: Thu, 09 Mar 2017 11:00:52 +0000
As part of our ongoing research into the cybercriminal underground markets of the world, Trend Micro researchers today released a report detailing Cybercrime in West Africa. This report leverages our ongoing partnership with INTERPOL to provide survey data and a deeper understanding of the regions cybercriminal ecosystem.
While tactics play a role in the success of West African cybercriminals, the greatest contributor to the proliferation of cybercrime in this region is their long history of defrauding victims globally. Viewed as outsmarting victims, cybercrime is encouraged in West Africa – especially Ghana where the ritualization of online fraud, sakawa, is practiced. Sakawa recognizes that a Supreme Being blesses scammers with protection and good fortune, eliminating the unethical implications and encouraging West Africans to defraud foreign victims.
It can be argued that West African threat actors turn to cybercrime as a means to an end to provide for themselves and their families. A survey conducted by INTERPOL revealed that each year nearly half of the 1 million graduates from more than 668 African universities are unemployed.
In terms of communication, West African cybercriminals willingly share tricks of the trade with one another and teach newbies how to con potential victims. The open lines of communication could be what’s sustained this ecosystem for so long and explains how effective scams have risen to popularity.
The Major Players
The two most common types of cybercriminals in West Africa are known as the “Yahoo Boys” and “Next-Level Cybercriminals.” These two groups portray distinct characteristics and operate different types of scams based on their levels of experience.
Yahoo Boys, named for their use of Yahoo apps to communicate, are often part of groups operating in the same physical location and supervised by a more experienced ringleader. These cybercriminals see a scam from beginning to end and often carry out multiple attacks at one time. They specialize in advance-fee, romance and stranded-traveler scams, such as the “Nigerian Prince” phishing emails that brought West Africa on the theoretical map of cybercrime in the early 2000s. Their goal is to convince unsuspecting victims to transfer large sums of money for a variety of illegitimate reasons. Yahoo Boys typically lack maturity and actively use social media to show off their ill-gotten wealth.
Meanwhile, Next-Level Cybercriminals are the opposite of Yahoo Boys. This group consists of well-off and highly respected family men who are mature in terms of personal behavior. Albeit new to the scene, Next-Level Cybercriminals engage in more complex attacks, such as Business Email Compromise (BEC) and tax scams, by using malware and other crime-enabling software from Russia and other English speaking underground markets. They also maintain connections and accounts overseas as a way to feign legitimacy with their victims and keep law enforcement at arm’s length. Due to the sophisticated social engineering tactics required to pull off these scams, significantly more research and effort goes into the crimes committed by Next-Level Cybercriminals.
What Next?
The INTERPOL survey showed West African cybercriminals rake in an average $2.7 million from businesses and $422,000 from individuals. The substantially larger payout from enterprises explains why these cybercriminals prefer BEC and tax scams and use simpler attacks to sustain their revenue stream.
Although there is currently no underground marketplace in West Africa, we can anticipate one to emerge in the near future as these cybercriminals hone-in on their skills and adopt new tactics. Despite roadblocks related to investigating cybercrime in this region, the INTERPOL survey revealed 30 percent of crimes reported to law enforcement each year lead to arrests. It is our hope that in partnership with INTERPOL, we can raise this number and alleviate further cybercriminal activity in West Africa.
http://feeds.trendmicro.com/TrendMicroSimplySecurity