A new report by Trend Micro, written in collaboration with INTERPOL, has shown that west African cyber-criminals have gained serious expertise in committing crimes against individuals and businesses, including “very clever social engineering tactics”.
According to the report, the volume of cyber-crime related complaints received in West Africa increased from 940 incidents in 2013 to 2182 incidents in 2015.
Law enforcement agents in the region did not remain idle though, as the INTERPOL survey revealed that an average of 30 percent of the cyber-crimes reported to them each year led to arrests.
Trend Micro research on BEC fraud showed that the most-targeted country was the United States, closely followed by China.
The company also says the manufacturing industry was the most targeted by BEC fraudsters, followed by a long list of other industries including food and beverage, transportation, and healthcare.
This is possibly due to the fact that manufacturing companies typically supply resources to smaller companies and so engage in a lot of email conversations and transactions that may contain invoice details.
Although an average of 30 percent of the total number of cyber-crimes reported to West African law enforcement agencies each year resulted in arrests, some of the INTERPOL survey respondents cited recurring roadblocks when it came to investigating cyber-crime.
These include difficulties in obtaining information from overseas and identifying cyber-criminals and their physical locations. Possible reasons for these challenges include lack of logistical resources and cyber-crime training for local law enforcement agents as well as the lack of cyber-crime laws in the country or region concerned.
Two major types of cyber-criminals reign in West Africa - so-called “Yahoo boys” and “next-level cyber-criminals”.
Yahoo boys, according to Trend Micro, excel in committing simple types of fraud (advance fee, stranded-traveler and romance scams/fraud) under the supervision of ringleaders or masterminds.
Next-level cyber-criminals, meanwhile, are more experienced and prefer to pull off “long cons” (business email compromise [BEC] and tax scams/fraud) or crimes that require more time, resources, and effort. They use malware (keyloggers, remote access tools/Trojans [RATs], etc.) and other crime-enabling software (email-automation and phishing tools, crypters, etc.) that are easily obtainable from underground markets.
Trend Micro says: “Cyber-criminals are bound to continue honing their know-how, skill sets, and arsenals to slowly but surely form their own community. There may not be a West African cyber-criminal underground market now, but cyber-crime is definitely an issue in the region.”
It added: “This can be seen from the constant increase in the volume of cyber-crime related complaints targeting both individuals and businesses that law enforcement agencies in the region receive, as shown by the INTERPOL survey.”
According to Trend Micro, the West African criminal culture is a forgiving one when it comes to fraud. According to the firm, some surveyed claims that the culture encourages cyber-crime, equating it to outsmarting victims, especially foreigners.
This cultural mindset is reportedly most evident in Ghana where sakawa—a ritualised practice of online fraud—is practiced. In sakawa, a supreme being is believed to bless criminals with protection and good fortune. This encourages West African cyber-criminals to defraud foreign victims (typically Westerners) online as a means to escape poverty. It even serves as a means to justify ends, taking out the unethical element in victimising the unwitting.
Back in August 2016, Trend Micro collaborated on the arrest of the head of an international criminal network suspected of stealing more than US$60 million through business email compromise (BEC) scams and CEO fraud.
The arrest was the result of a joint operation by INTERPOL and the Nigerian Economic and Financial Crime Commission utilising Trend Micro research to identify and arrest the culprit.