ESET exposes tactics of a Nigerian cybercrime group

Phishing attacks were at the centre of their operation strategy, but business email compromise (BEC), work-from-home fraud, check fraud and credit card scams also featured in the group’s arsenal.

 Computer Hardware, Electronics, Hardware, Monitor, Screen, Computer, Laptop, Pc, Alarm Clock, Clock, Plant, Furniture, Table, TV

A Nigerian cybercrime group has been exposed for their sophisticated phishing techniques and fraud operations, resulting in significant financial losses. The actions of key individuals, Solomon Ekunke Okpe and Johnson Uke Obogo, have been detailed in a blog post by ESET. Okpe has been sentenced to four years in prison, while Obogo received a one-year sentence.

The cyber criminals utilised various deceptive techniques, such as business email compromise (BEC), work-from-home fraud, check fraud and credit card scams. Phishing attacks were at the centre of their operation strategy, enabling them to unlawfully access corporate email accounts and trick unsuspecting individuals and businesses into sending them money. They also exploited weak passwords to infiltrate the accounts of their targets.

After gaining unauthorised access to the victims’ accounts, Okpe and his accomplices carefully targeted the companies that did business with the victim. By conducting thorough investigations using publicly accessible data, they created customised emails that were extremely deceptive, making it difficult to identify them as fraudulent. This high level of sophistication allowed them to sustain a notable success rate.

Apart from utilising phishing attacks, the cybercriminals also engaged in work-from-home scams, where they impersonated legitimate employers and took advantage of unsuspecting job seekers. Moreover, they employed tactics commonly associated with romance scams to target vulnerable individuals. Through building trust with their victims, Okpe and his associates coerced them into becoming money mules, transferring funds overseas and receiving cash from fraudulent wire transfers.