Déjà vu All Over Again

Posted on July 28th, 2014 by Dan Rampe

Off-the-Shelf Hacking Tool Puts Nigerian Scammers Back in the Game

Though it’s been attributed to him, we don’t really think Hall of Famer Yogi Berra ever said “It’s déjà vu all over again.” However, he definitely did say, “It ain’t over till it’s over.” And, when it comes to Nigerian email fraud, it appears it’s never over.

Of course there are a couple of new wrinkles. One is the scammers have gone “hi-tech.” There is no longer a Mrs. Susan Shabangu, wife of the minister of mining of the Republic of South Africa who needs help collecting $10.5 million in an inheritance. Nor a Nana Wilson, personal attorney to the late Mr. Jack Jacobson, a diamond/gold broker/consultant with a gold export business. She would’ve gone fifty-fifty with anybody who’d claim to be his next of kin to get a $16.8 million inheritance.

Instead of sending emails like the two above, which, incidentally, were real examples of Nigerian email scams, Nigerian cybercriminals have turned to buying or leasing off-the-shelf hacking tools that can get past victims without being detected by traditional antivirus.

Nicole Perlroth writes on nytimes.com: “The attacks begin, as so many do, with a malicious email attachment….Once clicked, victims inadvertently download malicious tools onto their devices; one, NetWire, is capable of remotely taking over a Windows, Mac OS or Linux system, and another, DataScrambler, makes sure the NetWire program is undetectable by antivirus products.”

Perlroth goes on to write that criminals are able to lease DataScrambler “for between $25 and $60, depending on how long [they] want to remain undetected as they record their victims’ keystrokes.”

So how do security people know the scam is Nigerian? For one thing, the criminals didn’t bother to cover their tracks by masking their I.P. addresses. For another, one of the criminals repeatedly mentioned “his use of the malware on his Facebook page, where his cover photo [featured] a wad of $100 bills.”

So far, this criminal activity has only been detected in Taiwan and South Korea, where, instead of attempting to con individuals, the cybercriminals go after businesses.
