The techniques of a Nigerian cybercrime group have been revealed, together with their complicated phishing methods and intensive fraud scheme.
The findings, revealed by ESET in a weblog put up launched earlier in the present day, pertain to the actions of two people on the middle of a prison enterprise that resulted in losses of as much as $1 million: Solomon Ekunke Okpe and Johnson Uke Obogo.
Okpe and Obogo have now been sentenced to 4 years and one 12 months behind bars, respectively.
Learn extra on Okpe’s sentence: 4 Years Behind Bars for Prolific BEC Scammer
In accordance with ESET, earlier than their incarceration, the cyber-criminals utilized numerous fraudulent strategies, together with enterprise e-mail compromise (BEC), work-from-home fraud, examine fraud and bank card scams.
The scammers used phishing assaults as their major weapon to achieve entry to company e-mail accounts and trick folks and companies into sending cash to them with out permission. In addition they relied on weak passwords to entry the accounts of their targets.
“The takeaway? At all times use lengthy, complicated, and distinctive passwords or passphrases to keep away from having your entry credentials simply guessed or brute-forced,” reads the ESET report.
After having access to victims’ accounts, Okpe and his group focused workers of corporations related to the victims by extensively researching publicly obtainable info. The cyber-criminals then composed personalised emails that had been tough to acknowledge as fraudulent.
ESET additionally highlighted how the scammers employed work-from-home scams, masquerading as official employers and preying on job seekers. In addition they prayed on victims utilizing romance rip-off techniques.
“After gaining victims‘ belief, Okpe and others used them as cash mules to switch cash abroad and obtain money from fraudulent wire transfers,” ESET wrote.
“Many romance scammers borrow from the identical playbook, which makes it simpler to acknowledge and keep protected from their tips.”
A listing of suggestions aimed toward defending people from scams like that is obtainable within the ESET weblog put up.
