Wire Wire: A West African Cyber Threat
SecureWorks Counter Threat Unit (CTU) Threat Analysis
There are many variations and names for these scams, which originated in Nigeria. The scammers refer to their trade using the terms "yahoo-yahoo" or "G-work," calling themselves "yahoo-yahoo boys," "yahoo boiz," or "G-boys." The targeted businesses range in size and industry, from machinery manufacturers to countertop material manufacturers to other companies. The cybercriminals use spearphishing and malware to gain direct access to organizations' computers and facilitate the theft of large sums of money without the victim's knowledge. A Facebook search for "wire-wire" reveals numerous groups and users operating in the open. They advertise their services or offer training courses about wire-wire to would-be criminals. Multiple social media platforms hold a wealth of information about individual threat actors, but meticulous research is necessary to understand how these thefts are being accomplished. The Internet security industry has been aware of the evolution of largely African-based threat actors for several years. However, awareness of how these threat actors operate and how to spot their intrusions is still low among security professionals and the public. Because these actors operate differently than other cybercriminals, it is essential to understand how they conduct their schemes. Although some wire-wire activity is simple low-level credit card fraud, the largest threat to organizations is business email compromise.
Business email compromise

Two related but distinct activities are often conflated:

Business email compromise (BEC): hijacking an email account or an email server to intercept business transactions and redirect payments.
Business email spoofing (BES): sending spoofed email from an external account, pretending to be a company executive requesting an irregular payment.

CTU researchers have encountered many reports that use "BEC" to refer to activities better described as "BES." If these terms are used interchangeably, a potential victim may assume that verifying requests with the named executive using established communication channels will sufficiently mitigate the threat. However, this defense does not work against BEC fraud.

How BEC works

In BEC, an attacker compromises a seller's email account to position himself as a "man-in-the-middle" between the seller and a buyer in existing business transactions. The threat actor then uses his control of the seller's account to passively monitor the transaction. When it is time for payment details to be relayed to the buyer via an invoice, the threat actor intercepts the seller's email and changes the destination bank account for the buyer's payment. If the destination account does not appear to be suspicious, the buyer will likely submit the payment to the attacker's account. To completely and transparently control the communication between the buyer and seller, the attacker must be able to control and monitor the email chain between the two parties. The first step is to compromise a business's email account, which can be accomplished easily and inexpensively with various phishing kits and commodity malware. Even if only a few recipients are compromised, the potential payoff for the attacker could be thousands to hundreds of thousands of dollars per campaign. BECs follow a typical chain of events (see Figure 1), which may vary based on the details of the transaction.

Figure 1. Typical BEC process. (Source: SecureWorks)

From the seller's point of view, the transaction appears to be normal until the buyer does not pay for the invoiced goods.
The only suspicious aspect the seller might notice is the change of the buyer's email address between the request for a quote and the purchase order (PO). The buyer will not notice a problem until the seller fails to ship the purchased goods. The seller's email address does not change because the attacker controls that email account. If the threat actor is skilled at document forgery and generates a seemingly legitimate invoice, the buyer will likely believe that the seller cheated them. Not all wire-wire attackers are skilled.
Many struggle to understand how their malware operates and how it is detected by antivirus software. CTU researchers have observed clumsily modified invoices, with payment details in a font that does not match the rest of the document and a bank account that is associated with an unrelated business name and is located in a different country than the seller. Regardless, BEC is effective against many targeted businesses.
Case study

When researching wire-wire activity, CTU researchers discovered that one of the most notable cyberheists had been executed by a Nigerian wire-wire group against an Indian chemical company and its U.S. customer. The customer, also a chemical company, sought to purchase a large quantity of chemicals from the Indian company. CTU researchers found that the wire-wire group had hijacked the email username and password of an employee at the Indian company. The company used a webmail application for its corporate email, and the employee login required only a username and password. Because employees did not have to provide another form of verification, the threat actors used the credentials to access and read the employee's emails. The attackers identified an opportunity in the employee's correspondence with the U.S. customer. The threat actors added a rule to the employee's mailbox that forwarded all future email from the U.S. customer to an attacker-controlled address.
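The forwarding rule is the pivot of this intrusion: once it exists, the attacker reads the counterparty's mail without touching the mailbox again, so an audit of mailbox rules is one of the few places the compromise is visible before money moves. The script below is an added example, not part of the SecureWorks analysis or of any webmail product; it assumes mailbox rules have been exported to plain dictionaries with the hypothetical fields name, sender_contains, forward_to and keep_copy, and every mailbox, domain and rule in it is constructed.

```python
"""Audit exported mailbox rules for silent forwarding of a counterparty's mail.

Added example; the rule fields (name, sender_contains, forward_to, keep_copy)
are a hypothetical export format, and all mailboxes, domains and rules below
are constructed for illustration.
"""
from dataclasses import dataclass

# Assumed: the organization's own mail domains and the domains of trading
# partners whose mail a BEC actor would want to intercept.
INTERNAL_DOMAINS = {"seller-chem.example"}
PARTNER_DOMAINS = {"buyer-chem.example"}


@dataclass
class Finding:
    mailbox: str
    rule_name: str
    reasons: list


def domain_of(address: str) -> str:
    """Return the lower-cased domain part of an email address."""
    return address.rsplit("@", 1)[-1].lower()


def audit_rules(mailbox: str, rules: list) -> list:
    """Return one Finding per rule that forwards mail outside the organization.

    A forward to an external address is reported on its own; the finding is
    annotated further when the rule singles out a partner's mail and when it
    keeps no copy for the mailbox owner, which is the combination that gives
    an attacker a silent man-in-the-middle position.
    """
    findings = []
    for rule in rules:
        targets = rule.get("forward_to", [])
        external = [t for t in targets if domain_of(t) not in INTERNAL_DOMAINS]
        if not external:
            continue
        reasons = [f"forwards to external address: {', '.join(external)}"]
        sender_filter = rule.get("sender_contains", "").lower()
        if sender_filter and any(p in sender_filter for p in PARTNER_DOMAINS):
            reasons.append(f"targets mail from partner domain matching '{sender_filter}'")
        if not rule.get("keep_copy", True):
            reasons.append("no copy kept in the mailbox, so the owner never sees the message")
        findings.append(Finding(mailbox, rule.get("name", "<unnamed>"), reasons))
    return findings


# Constructed export: one ordinary rule, one attacker rule, one benign internal forward.
SAMPLE_EXPORT = {
    "a.employee@seller-chem.example": [
        {"name": "Newsletters", "sender_contains": "news@",
         "move_to": "Promotions", "keep_copy": True},
        {"name": ".", "sender_contains": "@buyer-chem.example",
         "forward_to": ["acct.mgr.chem@freemail.example"], "keep_copy": False},
        {"name": "Copy assistant", "sender_contains": "",
         "forward_to": ["assistant@seller-chem.example"], "keep_copy": True},
    ]
}


def audit_export(export: dict = SAMPLE_EXPORT) -> list:
    """Audit every mailbox in an export and return all findings."""
    findings = []
    for mailbox, rules in export.items():
        findings.extend(audit_rules(mailbox, rules))
    return findings


if __name__ == "__main__":
    for f in audit_export():
        print(f"{f.mailbox}: rule {f.rule_name!r}")
        for r in f.reasons:
            print(f"  - {r}")
```

Only the second rule is reported: the internal forward to an assistant is ignored, and the attacker's rule is flagged three times over (external target, partner-specific filter, no retained copy). Run against a real export, the check belongs in the same review as login-location anomalies for the mailbox.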
The attackers intercepted the U.S. customer's messages and corresponded with the Indian company from an attacker-generated email address that impersonated the customer. At this point, the attackers had established a MITM position between the buyer and the seller. The Indian company eventually sent an invoice that contained wire payment details. Because the invoice was sent to the attacker-generated email address, the threat actors modified the payment details before forwarding it to the legitimate recipient at the U.S. company. The U.S. company paid the altered invoice, and the threat actors then laundered the money through multiple accounts in different countries, making recovery impossible and the money trail difficult to trace.

Wire-wire group profile

While investigating BEC, CTU researchers discovered a threat actor infecting his own system with malware and uploading screenshots and keystroke logs to an open directory on a web server. This misstep by threat actors has become common and provides intelligence for some investigations into BEC activity. This threat actor is the key figure in a wire-wire group with more than 30 members, referred to here as WWG1. From an operational standpoint, WWG1's fraud activity is similar to that of other West African threat actors. It uses well-known commodity remote access trojans (RATs) and public webmail services to accomplish its goals.
Members do not have a sophisticated understanding of malware, but the key figure in this group, named "Mr. X," provides the technical support and infrastructure that allows the group to function successfully. WWG1 is loosely structured and does not have the conventional top-down hierarchy that is typical of organized crime groups. Instead, members pay Mr. X for his services and training by reimbursing him for expenses and providing a percentage of their ill-gotten gains. Most WWG1 group members reside in the same geographical area of Nigeria and know each other personally or are at least Facebook friends.

WWG1 social profile

There are several differences between the conventional profile of a typical West African threat actor and the characteristics of WWG1 members. For example, the following attributes are often associated with "yahoo-yahoo boys":

- College-age to late twenties
- Huddle in cybercafes all day scamming victims
- Spend extravagantly to show off cash and fancy cars on social media
- Resort to "juju" (voodoo charms) to improve their success

In contrast, WWG1 members:

- Are in their late twenties to forties
- Operate from home using their personal Internet connection
- Appear on social media but never display cash or fancy cars
- Are typically devoutly religious and active in mainstream churches

Social media intelligence indicates that WWG1 members are often family men that are well-respected and admired. They feel obligated to uplift other members of their community, but that usually means introducing others to the wire-wire scheme, given the lack of opportunities for legitimate employment.
Mitigating BEC

CTU researchers expect wire-wire activity to increase exponentially because this type of fraud is significantly more profitable than the Nigerian prince and similar scams, and because individual threat actors that become proficient at this type of fraud will likely pass that knowledge to others. Vendors and other organizations could take actions to mitigate BEC at multiple stages of attempted fraud.
By rapidly detecting emerging malware packed by crypter programs, antivirus (AV) vendors could impede the threat actors' activity. Crypters are software tools sold on the hacker underground that repackage malware so that it evades AV detection rules. Groups such as WWG1 rely on crypters and are frustrated when their crypter becomes well-detected by AV engines. The time that the threat actors expend attempting to find a fully undetectable crypter is time they are not stealing money from victims.

Global payment system vendors such as the Society for Worldwide Interbank Financial Telecommunication (SWIFT) and Western Union could stop some wire transfers by providing a mechanism for organizations and independent security researchers to report money mule accounts used to launder funds in BEC transactions. If the vendors froze the accounts while conducting a thorough investigation, the threat actors could not access their bank accounts and stolen funds. Another option may be for organizations to implement third-party "do-not-pay" blacklists for mule bank accounts, similar to anti-spam domain blacklists. This countermeasure could protect accounting departments that subscribe to such lists if the information is regularly updated.
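The invoice defects CTU researchers observed on clumsily altered invoices (a bank in a different country than the seller, an account tied to an unrelated business name) and the "do-not-pay" list idea above can both be turned into a pre-payment check in accounts payable, which is where the buyer still has a chance to stop the wire. The script below is an added example, not from the SecureWorks analysis or from any payment vendor; the vendor master record, the subscribed do-not-pay list, the invoices and the account strings are all constructed, and the name-similarity threshold is an assumption.

```python
"""Review an incoming invoice's payment details before releasing a wire.

Added example. Encodes warning signs from the analysis: account differs from
the vendor record, bank in a different country than the seller, beneficiary
name unrelated to the seller, and account present on a subscribed
"do-not-pay" list of reported mule accounts. All data is constructed.
"""
import difflib
from dataclasses import dataclass

NAME_SIMILARITY_MIN = 0.6  # assumed threshold for "beneficiary name matches vendor"


@dataclass
class VendorRecord:
    name: str
    country: str   # ISO 3166-1 alpha-2 country of the seller
    account: str   # account on file, established when the vendor was onboarded


@dataclass
class Invoice:
    vendor_id: str
    beneficiary_name: str
    account: str
    bank_country: str


# Constructed vendor master data; the account strings are illustrative only.
VENDOR_MASTER = {
    "V-1001": VendorRecord("Example Chemicals Pvt Ltd", "IN", "IN00EXAMPLE0000001"),
}
# Constructed do-not-pay list, standing in for a subscribed feed of reported mule accounts.
DO_NOT_PAY = {"GB00EXAMPLE0000099"}


def name_similarity(a: str, b: str) -> float:
    """Case-insensitive similarity ratio in [0, 1] between two names."""
    return difflib.SequenceMatcher(None, a.lower(), b.lower()).ratio()


def review_invoice(inv: Invoice, master=VENDOR_MASTER, do_not_pay=DO_NOT_PAY) -> list:
    """Return the reasons to hold payment; an empty list means no warning signs."""
    vendor = master.get(inv.vendor_id)
    if vendor is None:
        return ["vendor not in master data"]
    reasons = []
    if inv.account in do_not_pay:
        reasons.append("account is on the do-not-pay list")
    if inv.account != vendor.account:
        reasons.append("account differs from the one on file for this vendor")
    if inv.bank_country != vendor.country:
        reasons.append(f"bank is in {inv.bank_country} but the vendor is in {vendor.country}")
    if name_similarity(inv.beneficiary_name, vendor.name) < NAME_SIMILARITY_MIN:
        reasons.append(f"beneficiary '{inv.beneficiary_name}' does not resemble '{vendor.name}'")
    return reasons


# Constructed invoices: the genuine one, and one altered the way the case study describes.
GENUINE = Invoice("V-1001", "Example Chemicals Pvt Ltd", "IN00EXAMPLE0000001", "IN")
ALTERED = Invoice("V-1001", "Global Traders Ltd", "GB00EXAMPLE0000099", "GB")

if __name__ == "__main__":
    for label, inv in (("genuine", GENUINE), ("altered", ALTERED)):
        reasons = review_invoice(inv)
        print(f"{label}: {'PAY' if not reasons else 'HOLD'}")
        for r in reasons:
            print(f"  - {r}")
```

The altered invoice trips all four checks; a skilled forger would avoid the name and country mismatches, which is why the comparison against the account already on file is the one check that holds up regardless of how polished the document looks.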
Identifying money mule accounts may require insight into fraud operations and is less automatable than filtering spam.

Webmail and hosting vendors should implement two-factor authentication (2FA) to secure control panels and webmail installations. In June, the cPanel control panel added 2FA as an option for its webhosting platforms. Although the three top webmail applications do not natively support 2FA as of this publication, it is possible to add 2FA as a plugin in the RoundCube webmail application.
Unfortunately, many cPanel installations include all three webmail applications, so an attacker can choose one that does not support 2FA.

Email providers and email security vendors could flag messages sent from recently registered domains. This feature would help expose emails that are purportedly from buyers who have been in business for years but that originate from a domain registered a few days prior to the email being sent. Use of a new domain might indicate that the seller's email is compromised.

Organizations that want to share BEC intelligence can do so through the National Cyber-Forensics and Training Alliance (NCFTA), which works with individuals across industry and academia to identify and mitigate cyber threats.

Legal action could have a major impact on BEC worldwide. Law enforcement organizations investigating BEC should collaborate with the private security research community, especially in Nigeria, Ghana, Malaysia, South Africa, and Dubai.
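The domain-age check suggested above, combined with the address change between the request for a quote and the purchase order noted earlier, can be applied to a mail thread as it arrives. The script below is an added example, not from the SecureWorks analysis or from any mail vendor; the two messages are constructed, the counterparty domains are invented (one a lookalike of the other), and the registration dates come from an in-memory table standing in for a WHOIS or RDAP lookup.

```python
"""Flag a counterparty whose mail switches to a different, newly registered domain.

Added example. Walks a constructed thread in message order, remembers the
domain the counterparty first wrote from, and warns when a later message
comes from another domain or from one registered within MAX_DOMAIN_AGE_DAYS
of the message date. Registration dates are a constructed stand-in for
WHOIS/RDAP creation dates.
"""
import email
from datetime import date
from email import policy
from email.utils import parseaddr, parsedate_to_datetime

MAX_DOMAIN_AGE_DAYS = 30  # assumed threshold; tune to the organization's tolerance

# Constructed stand-in for the registrar "creation date" of each domain.
REGISTRATION_DATES = {
    "buyer-chem.example": date(2009, 4, 2),
    "buyer-chern.example": date(2016, 5, 29),  # lookalike: "rn" in place of "m"
}

# Constructed thread between the buyer and the seller, headers plus a short body.
THREAD = [
    """From: "J. Doe" <j.doe@buyer-chem.example>
To: a.employee@seller-chem.example
Date: Mon, 23 May 2016 10:02:00 +0000
Subject: Request for quote

Please quote 20 t of product X.
""",
    """From: "J. Doe" <j.doe@buyer-chern.example>
To: a.employee@seller-chem.example
Date: Wed, 1 Jun 2016 09:15:00 +0000
Subject: Purchase order

PO attached, please send the invoice with wire details.
""",
]


def sender_domain_and_date(raw: str):
    """Parse one RFC 5322 message and return (sender domain, sent date, subject)."""
    msg = email.message_from_string(raw, policy=policy.default)
    _, addr = parseaddr(str(msg["From"]))
    sent = parsedate_to_datetime(str(msg["Date"])).date()
    return addr.rsplit("@", 1)[-1].lower(), sent, str(msg["Subject"])


def domain_age_days(domain: str, on: date):
    """Days between registration and `on`, or None when no registration data exists."""
    created = REGISTRATION_DATES.get(domain)
    return None if created is None else (on - created).days


def review_thread(raw_messages=THREAD) -> list:
    """Return warnings for a thread, in message order."""
    warnings = []
    first_domain = None
    for raw in raw_messages:
        dom, sent, subject = sender_domain_and_date(raw)
        if first_domain is None:
            first_domain = dom
        elif dom != first_domain:
            warnings.append(f"{subject}: sender domain changed from {first_domain} to {dom}")
        age = domain_age_days(dom, sent)
        if age is None:
            warnings.append(f"{subject}: no registration data for {dom}")
        elif age <= MAX_DOMAIN_AGE_DAYS:
            warnings.append(f"{subject}: {dom} was registered {age} days before this message")
    return warnings


if __name__ == "__main__":
    for w in review_thread():
        print(w)
```

The purchase order produces two warnings (domain changed, and the new domain is three days old) while the original request produces none; in a real deployment the registration date would come from a live WHOIS/RDAP query, and a missing record is itself worth surfacing rather than treating as benign.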
A collective worldwide law enforcement effort could make BEC too risky for would-be thieves.

For several years, wire-wire activity has targeted businesses around the world, and its potential profitability lures a growing number of threat actors. The monetary losses to victims can be significant, and the activity is often not detected until the money has been stolen and laundered through various channels. However, organizations can take actions to minimize their risk from this type of fraud, and collaboration among organizations, vendors, and law enforcement could complicate the process and reduce the appeal for potential attackers.