West African computer criminals steal approximately three million dollars annually from businesses and individuals, finds a new report.
In their report Cybercrime in West Africa: Poised for an Underground Market, Trend Micro and INTERPOL say West African bad actors stole 2.7 million USD from businesses and 422,000 USD from individuals each year between 2013 and 2015. The study’s authors attribute this level of theft to several factors. First, they feel that a lack of gainful employment in the region leads many to embrace the life of a computer criminal. An INTERPOL survey found that about half of West African computer criminals identified as unemployed. That’s a problem when as many as half of 10 million students who graduate from 668 African universities each year don’t find employment.
INTERPOL and Trend Micro also trace the fraud back to the diverse structure of the West African computer criminal world. Individuals can become money mules, IT technicians who supervise a scam’s infrastructure, financial operators who oversee transactions, fraud operators who design social engineering techniques, and leaders. These roles all fit within fraud schemes designed by two categories of digital attacker.
The authors explain more in their report (PDF):
“Two major types of cybercriminals reign in West Africa—so-called ‘Yahoo boys’ and ‘next-level cybercriminals.’ Yahoo boys excel in committing simple types of fraud (advance-fee, stranded-traveler and romance scams/fraud) under the supervision of ringleaders or masterminds. Next-level cybercriminals, meanwhile, are more experienced and prefer to pull off ‘long cons’ (business email compromise [BEC] and tax scams/fraud) or crimes that require more time, resources, and effort.”
BEC scams, which have cost victims 3.1 billion USD in losses over the past few years, are just one of the campaigns employed by West African computer criminals. These bad actors also commit advance fee fraud, romance fraud, tax fraud, and other types of the scams with the help of email automation and phishing tools. The fact these attackers are beginning to use even more sophisticated tools like keyloggers and RATs points to a growing evolution of digital crime in the region.
Trend Micro and INTERPOL see these advanced techniques leading somewhere:
“West African cybercriminals will eventually start creating online communities, not just small groups of close friends with whom they share technical skills and know-how. Some may start selling products and services that work for their crimes, leading to the formation of a West African underground market. Younger West African cybercriminals and those working toward becoming criminals will continue to be as bold as those from Brazil, 26 flaunting their ill-gotten gains for the world to see.”
To counter the growth of West African digital crime, the authors feel greater law enforcement in the region as well as increased security awareness training among employees is necessary.