If you had a few million dollars for every time you saw a pleading message from a Nigerian prince seeking your help in liquidating his fortune you’d be in the ballpark. Recently one of the world’s most prolific email scammers was arrested in Port Harcourt, Nigeria, delivering a serious win for the “good guys” in the continuing battle against cybercrime.
Identified simply as “Mike”, the 40-year-old Nigerian mastermind behind the world’s most notorious 419 scams was himself ‘419ed’ following years of a joint investigation by Interpol and the Nigerian Economic and Financial Crime Commission (EFCC). Mike and a 38 years old single unnamed accomplice were arrested under article 419 of Nigeria’s Criminal Code, in not the first, but certainly the largest-scale application of the legislation that gave this category of scam its name.
Their crimes spanning many years across many countries including Australia, Canada, India, Malaysia, Romania, South Africa, Thailand, and the US brought them home some 60 Million dollars in ill-gotten booty. “The network compromised email accounts of small to medium businesses around the world, including in Australia, Canada, India, Malaysia, Romania, South Africa, Thailand, and the US, with the financial victims mainly other companies dealing with these compromised accounts.
Heading a network of at least 40 individuals across Nigeria, Malaysia, and South Africa, which both provided malware and carried out the frauds, the alleged mastermind also had money laundering contacts in China, Europe, and the US who provided bank account details for the illicit cash flow.
Following his arrest in Port Harcourt in southern Nigeria, a forensic examination of devices seized by the EFCC showed he had been involved in a range of criminal activities including business e-mail compromise (BEC) and romance scams.
The two main types of scams, run by the 40-year-old targeted businesses. The payment diversion fraud – where a supplier’s email would be compromised and fake messages would then be sent to the buyer with instructions for payment to a bank account under the criminal’s control – and CEO fraud, also known generally as Advanced-Fee Scams. This brand of fraud was first identified and legislated against as the Spanish Prisoner Scam back in the 19th century. More recently, Nigeria has come to be its torch bearer not based on data (see below), but merely on the prevalence of its most common vehicle – an unsolicited letter that often looks like this.
When most of us first laid eyes on this particular flavor of spam we immediately read between the lines to identify it as malicious and fraudulent. And yet, the 60 Million that Mike and his ring have raked in is but a drop in the bucket in this age-old scheme that continues to dupe unsuspecting fortune seekers. According to Ultrascan AGI (Advanced Global Investigations), totals netted from the scam in 2013 alone totaled a whopping $12.7 Billion. And yet despite the meme-worthy association with Nigeria, that country produces only 6% of the global volume of 419 attacks. Study data from 2006 shows that the US was the biggest contributor at 61%, while the United Kingdom was reported at 16%.
One of the most startling facts to come out of this case was the discovery that some 15 million of Mike’s cybercrime chest was stolen from but one company. This provided a good opportunity for the Executive Director of the Interpol Global Complex for Innovation, Noboru Nakatani to remind us of the heavy and continuing toll of this very rich flavor of fraud.
“The public, and especially businesses need to be alert to this type of cyber-enabled fraud. It poses a significant and growing threat, with tens of thousands of companies victimized in recent years.” Said Nakatani.
And critical to winning that battle according to Abdulkarim Chukkol… Head, Advance Fee Fraud and Cybercrime Section of Nigeria’s EFCC are the IT security operatives that work to secure our corporate networks the world around. “For a long time we have said to be effective, the fight against cybercrime must rely on public-private partnerships and international cooperation.”
It was precisely this kind of partnership that brought down 60 Million Dollar Mike and his accomplice.
Interpol and the EFCC report that the ring was broken…Thanks to a tip from a competitor and venerable security solutions provider Trend Micro in Singapore.
Our hats-off to Trend Micro, Chukkol, his Nigerian team, and Interpol for their stellar investigative work and for sending a clear message to cybercriminals that their days are numbered….