Stolen profits from business email compromise (BEC) schemes, including the infamous “Nigerian” email scams, have grown exponentially across the globe over the past decade.
From January 2015 to February 2017, identified losses from such scams had increased 1,300 percent, totaling over $3 billion globally. By May 2018, the losses had grown to $12.5 billion, according to the FBI’s IC3 (Internet Crime Complaint Center).
BEC scams, also known as “cyber-enabled financial fraud,” use deceptive emails that employ phishing and social media fraud tactics to target victims. Common conventional methods include spoofed emails and malware; tracked real estate and romance. Victims are often persuaded to make wire transfers to bank accounts controlled by perpetrators.
These schemes have been reported in all 50 states in America and across 150 countries worldwide.
“I know you have banking trojans and different kinds of ransomware, but when you go and look at the numbers, BEC and related fraud is the number one financial threat to the industry,” Ronnie Tokazowski, senior malware analyst at Flashpoint and founder of the BEC List, told The Epoch Times.
“Just looking at the money that’s lost, it’s not a linear graph. It kind of starts peaking up. More and more people are getting into this game because they are able to see profits.”
The BEC List is a sequestered industry group with 530 members including Fortune 500 companies, law enforcement, researchers, and internet companies who have been privately collaborating against Nigerian email schemes for the past three years—and it recently went public. The group has contributed to over a hundred fraud-related arrests worldwide.
Prominent destinations of laundered funds include “Asian banks located in China and Hong Kong” according to the FBI. Recently, financial institutions in the United Kingdom, Mexico, and Turkey have also been identified by the FBI as primary locations, based on financial data.
Foreign criminals perpetrate many of the BEC scams, some individuals are members of transnational criminal organizations that originated in Nigeria but have since spread globally.
Tokazowski said that many of the common BEC tactics come from Nigeria. Probably the most widely known involves a foreign perpetrator who states that his money is tied up temporarily and offers his victim a large sum of money if they pay the “taxes.” Many of these scams try to appeal to the victim’s emotions.
According to Tokazowski, the culture in Nigeria plays a significant role in encouraging BEC schemes. He said Nigeria has infamously become a “hotbed” for it.
“With Nigeria, one of the bigger culture shifts is really the level of corruption—the kind of culture that in some places, this is acceptable and this type of fraud is acceptable. You also have cases where previous BEC actors who go under the handle the ‘Yahoo Boys’ were very highly praised.”
The Yahoo Boys, young Nigerian men, employed a range of internet fraud tactics to get rich and often flaunted their lavish spoils, promoting a desirable way of life for the con-artists.
The schemes also infiltrated Nigeria’s music industry.
“A lot of these Nigerian rappers they’ll go and start singing, they’ll make rap songs singing praises of their operations and how they were able to wire money off and things like that,” Tokazowski said. “It’s this culture that developed to kind of legitimize the business of stealing money from different clients.”
Tokazowski referenced one rap video titled “I Go Chop Your Dollar” as an example. The lyrics referenced wire fraud profusely and the rapper was eventually arrested several years later.
The song includes lyrics such as: “I be the master. I go take your money and disappear, you are the loser and I am the winner. The contract na you I go give em. But you go pay me more money, make I bring em.”
Several members from Tokazowski’s BEC group were also involved with an FBI operation dubbed “Wire Wire” that aimed to disrupt BEC schemes and culminated in the arrest of 74 people in the United States and overseas. In Nigeria, 29 perpetrators were arrested, according to the Justice Department.
The operation seized nearly $2.4 million and recovered approximately $14 million in fraudulent wire transfers.
Tokazowski also described the BEC schemes from Nigeria as not too technically complex when compared to other countries.
“From a technical perspective, I would consider it lower level … it’s usually more simple with how they do it,” he said. “If Nigeria were to become a nation-state threat, I would say that they are probably a couple of years away from that.”
He also noted that Nigerian scammers are evolving and what they do still affects people today.
“Just with the way that they are operating its a very difficult crime to look at and solve,” he said. “There’s no malware associated with it. With a lot of fraud going on with this stuff, you have human lives that are affected.”
Scammers also are constantly trying to figure out new and creative ways to steal money.
Tokazowski said of the emerging tactics he has seen recently involved the use of gift cards to get personal information, often through the use of a romantic phishing account.
“A lot of the actors are learning, it’s starting to become a problem,” he added.