With more and more internet users now wise to email scams, scammers are utilizing increasingly advanced techniques to stay one step ahead of their targets. A pair of researchers recently stumbled on a new a “wire-wire” technique that earned a 30-strong group of Nigerian scammers as much as $3 million a year, at least until one prominent member accidentally infected himself with his own malware.
IEEE Spectrum reports that SecureWorks security experts Joe Stewart and James Bettke were alerted to this new kind of attack in February after they stumbled upon a keylogger that was sending unsecured data to an open web server. They watched for months as the ring collected keystrokes and screenshots of important documents from unsuspecting users. But because the malware was running on the scammers’ computers too, it also gave them an important insight into who was behind the thefts, the tools that were used, the names of the affected businesses and the sums of money being transferred to third-party accounts.
Unlike traditional email scams, which rely on spoofing a business email to trick respondents into sending money to a fraudulent account, wire-wire scammers grab a collection of email addresses from publicly available sources and then target them with malware. Once that target is infected, they are able to access to their email account(s) and begin identifying clients or suppliers that they have a relationship with.
The ring is then able to intercept any emails containing invoices, substitute the target’s details with their own and force the supplier to unwittingly credit the scammers’ account. The technique is a lot harder to trace because it happens behind closed doors, but there’s been enough of a rise in business email scams that the FBI has been forced to issue a warning.
Since February, the Secureworks team watched the scammers reroute transactions averaging between $30,000 and $60,000, mostly from small and medium-sized businesses that mainly conduct international deals. IEEE notes that in one case, thieves successfully rerouted a $400,000 payment from a US chemical company to its Indian supplier.
Often, neither company knows something is amiss until a delivery or payment is marked overdue. Stewart and Bettke even tried to tell some of the targets that they were being scammed but were mistaken for scammers themselves. That said, they were able to successfully notify Nigeria’s Economic and Financial Crimes Commission, which is now conducting at least one active investigation.