Young Nigerian scammers have often been called “Yahoo Boys,” because many of their hustles used to target users on Yahoo services. And they’ve embraced this identity. In the rap song “Yahooze”—which has more than 3 million views on YouTube—Nigerian singer Olu Maintain glamorizes the lifestyle of email scammers.
Advanced Nigerian groups have lately increased the amounts they make off with in each attack by targeting not just individuals but small businesses. The FBI estimates that between October 2013 and December 2016 more than 40,000 “business email compromise” incidents worldwide resulted in $5.3 billion in losses. With so many many third parties, clients, languages, time zones, and web domains involved in daily business, it can be difficult for a company with limited resources to separate out suspicious activity from the expected chaos.
‘They spend months sifting through inboxes. They’re quiet and methodical.’
Nigerian scammers will send tailored phishing emails to a company to get someone to click a link and infect their computer with malware. From there, the attackers are in no hurry.
They do reconnaissance for days or weeks, using key loggers and other surveillance tools to steal credentials to all sorts of accounts, figure out how a company works, and understand who handles purchasing and other transactions.