Nigerian-phishing scammers steal more than just money
By Digital News Asia July 19, 2017
- Scammers are using different malware and pooling resources together to hit companies hard
- Best practices include education, double-checking requests, installing security solutions
THE classic “Nigerian Prince” was one of the most common email scams known to date. Now Nigerian-phishing scammers are making the headlines once again, as a recent surge in phishing and payment-interception attacks on individual companies is also stealing victims’ project and operational plans, according to a report by security company Kaspersky Lab.
The report, titled Industrial Control Systems Cyber Emergency Response Team, states that Business Email Compromise (BEC) attacks, often linked to Nigeria, seek to hijack genuine business accounts, which attackers can monitor for financial transactions to intercept or redirect.
In October 2016 alone, Kaspersky Lab researchers noticed a significant spike in the number of malware infection attempts targeting industrial customers. Attacks were made against over 500 industrial, transport and logistics companies in 50 countries.
The method of entry is a carefully crafted phishing email that appears to originate from a company’s suppliers, customers or commercial organisations. Using malware cheaply available on the black market to steal confidential data and install remote administration tools on infected systems, the attackers gain access.
It is difficult for a victim to realise that they are being duped, as the attacker redirects messages to the attacker’s own mailbox and looks for lucrative transactions. Via a classic man-in-the-middle attack, the attacker replaces the account details on a legitimate seller’s invoice with the attacker’s own.
But it is more than just a monetary loss for these companies. Screenshots of operations and project plans, as well as technical drawings, were among the data stolen.
“There is no need for the attackers to collect this kind of data in order to perpetrate their phishing scams. In addition to the direct financial loss, a Nigerian phishing attack poses other possibly serious threats,” said Kaspersky Lab Critical Infrastructure Threat Analysis senior security researcher Maria Garnaeva.
Kaspersky Lab’s researchers found that there could be just one cybercriminal group behind the attacks, making use of different malware, or a number of groups cooperating and sharing resources. Notably, most domains were registered to residents of Nigeria.
Security best practices that Kaspersky Lab recommends include educating employees on the essentials of email security, by ensuring they do not click on suspicious links and attachments before checking the origin of an email.
Installing a security solution on all workstations and servers, and applying all the updates without delay, is also paramount.
Should the system be compromised, passwords for all accounts should be changed with immediate effect.