Digital Identity Blog

Thought leadership for cybersecurity, fraud and digital channel professionals

Déjà vu All Over Again

By ThreatMetrix
ThreatMetrix®, The Digital Identity Company®, is the market-leading cloud solution for authenticating digital personas and transactions on the Internet. Verifying more than 20 billion annual transactions supporting 30,000 websites and 4,000 customers globally through the ThreatMetrix Digital Identity Network®, ThreatMetrix secures businesses and end users against account takeover, payment fraud and fraudulent account registrations resulting from malware and data breaches.
Follow ThreatMetrix ThreatMetrix's Most Recent Posts:

Off-the-Shelf Hacking Tool Puts Nigerian Scammers Back in the Game

Though it’s been attributed to him, we don’t really think Hall of Famer Yogi Berra ever said “It’s déjà vu all over again.” However, he definitely did say, “It ain’t over till it’s over.” And, when it comes to Nigerian email fraud, it appears it’s never over.

Of course there are a couple of new wrinkles. One is the scammers have gone “hi-tech.” There is no longer a Mrs. Susan Shabangu, wife of the minister of mining of the Republic of South Africa who needs help collecting $10.5 million in an inheritance. Nor a Nana Wilson, personal attorney to the late Mr. Jack Jacobson, a diamond/gold broker/consultant with a gold export business. She would’ve gone fifty-fifty with anybody who’d claim to be his next of kin to get a $16.8 million inheritance.

Instead of the two emails above which, incidentally were real examples of Nigerian email scams, Nigerian cybercriminals have gone to buying or leasing off-the shelf hacking tools that can get past victims without being detected by traditional antivirus.

Nicole Perlroth on (Find her full article on this link.) writes: “The attacks begin, as so many do, with a malicious email attachment….Once clicked, victims inadvertently download malicious tools onto their devices; one, NetWire, is capable of remotely taking over a Windows, Mac OS or Linux system, and another, DataScrambler, makes sure the NetWire program is undetectable by antivirus products.”

Perlroth goes on to write that criminals are able to lease DataScrambler “for between $25 and $60, depending on how long [they] want to remain undetected as they record their victims’ keystrokes.”

So how do security people know the scam is Nigerian? For one thing, the criminals didn’t bother to cover their tracks by masking their I.P. addresses. For another, one of the criminals repeatedly mentioned “his use of the malware on his Facebook page, where his cover photo [featured] a wad of $100 bills.”

So far this criminal activity has only been detected in Taiwan and South Korea where, instead of attempting to con individuals, the cybercriminals go after businesses.

By ThreatMetrix Posted