Menu
Nigerian scammers buy exploit kits to defraud Asian businesses

Nigerian scammers buy exploit kits to defraud Asian businesses

Deeper reconnaissance of infiltrated accounts can lead to big thefts

Microsoft Word Intruder is one of the administration tools used by a group of Nigerian scammers to monitor infected computers.

Microsoft Word Intruder is one of the administration tools used by a group of Nigerian scammers to monitor infected computers.

A small group of Nigerian scammers is using more sophisticated methods to defraud mostly Asian businesses, including buying exploit kits and malware from experienced coders, according to a new report from FireEye.

The security company said the group performs deep reconnaissance of its potential victims, jumping inside financial transactions in order to try to divert payments to their own accounts.

The schemes are much more complex than so-called 419 or advance fee fraud scams, where random victims are induced to send funds in order to get a non-existent but much larger payoff.

To carry out the scam, the group often uses the Microsoft Word Intruder exploit kit. The kit can be used to create malicious Word documents that are then sent over email. If opened, the victim's computer will be infected with a keylogger.

The group buys the tools from experienced malicious software coders, paying for remote access tools, keyloggers and exploit kits, FireEye said.

More than 2,300 victims have been targeted in 54 countries. It appears the group seeks out small to medium size businesses in Asia that perform financial transfers to suppliers. By targeting non-Asian speakers, the grammatical atrocities of the phishing emails are also less noticeable, which can be tipoffs to a scam.

The exploit kit will install the HawkEye or KeyBase keyloggers, which collect authentication credentials for email accounts. The scammers then watch those accounts, monitoring correspondence between businesses and suppliers, looking for an opportune moment to inject themselves into a transaction.

"Once the scammers identify an interesting victim, they log into the victims accounts using the stolen credentials and study the different transactions in which the victims are involved," FireEye wrote.

If a pending transaction looks promising, the group creates a similar email address as to the victim, copying the email thread between the two parties to make it look legitimate. The scammers then pressure one party to accept different bank account details, diverting money to their own accounts.

The scammers then use a network of mules to accept the payments into their own accounts and forward it on.

Some operations have been very lucrative successes. FireEye included emails from one scammer to a money mule partner in Indonesia alerting that $900,000 and €300,000 would be transferred to an account soon.

"With this single transaction, the scammer is slated to collect over $1 million," FireEye wrote. "We believe that they launder their money through a few strategies such as buying gold and luxury items, or mixing the money they have obtained through these scams with money collected legitimately."

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk

Subscribe here for up-to-date channel news

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags securityFireEyefraud

Featured

Slideshows

Tight lines as Hooked on Lenovo catches up at Great Barrier Island

Tight lines as Hooked on Lenovo catches up at Great Barrier Island

​Ingram Micro’s Hooked on Lenovo incentive programme recently rewarded 28 of New Zealand's top performing resellers with a full-on fishing trip at Great Barrier Island for the third year​ in a row.

Tight lines as Hooked on Lenovo catches up at Great Barrier Island
Inside the AWS Summit in Sydney

Inside the AWS Summit in Sydney

As the dust settles on the 2017 AWS Summit in Sydney, ARN looks back an action packed two-day event, covering global keynote presentations, 80 breakout sessions on the latest technology solutions, and channel focused tracks involving local cloud stories and insights.

Inside the AWS Summit in Sydney
Channel tees off on the North Shore as Ingram Micro hosts annual Cure Kids Charity golf day

Channel tees off on the North Shore as Ingram Micro hosts annual Cure Kids Charity golf day

Ingram Micro hosted its third annual Cure Kids Charity Golf Tournament at the North Shore Golf Club in Auckland. In total, 131 resellers, vendors and Ingram Micro suppliers enjoyed a round of golf consisting of challenges on each of the 18 sponsored holes, with Team Philips taking out the top honours.

Channel tees off on the North Shore as Ingram Micro hosts annual Cure Kids Charity golf day
Show Comments