The styles associated with Sakawa scammers have been highlighted in previous articles, but today I would like to describe the anatomy of a scam for people to be aware of just how they complete these wicked assaults on our inboxes. This could serve as a guide for Sakawa, but is intended to give insight. Nothing is new here – these guides are passed through the African scam communities already. Like a traditional social engineering assessment, the first stages are very much recon. The OSINT skills held by even the youngest members of these gangs beggars belief. Over the years, the collation of potentially good marks has become an art form, mastering the basics of psychological profiling and proofing suitable marks in a very efficient manner.
How do you become a target to these scammers?
You might have seen on social networks articles instructing you to perform an action and like a post. A recent one that grabbed my attention was on LinkedIn: a picture of a large shark was behind a boat, and the author asked you to like the post and type a '6' to see the picture magically change – something outside the technical abilities of that site. So, almost predictably, the list of people grows on the post, scores of 6’s flood in and the occasional remark of ’nothing happened’ accompanies them. Nothing more of this is usually thought about but in the background, someone finds this data very useful. To be blunt and save the complex psychology behind it, these are society's believers – dreamers that in Africa are referred to as mugus or ‘Big Fools’. By typing a '6,' they unwittingly show that they are gullible and not truly IT savvy. These people unfortunately end up on a 'Suckers List,’ and these details are traded amongst Sakawa gangs. Many ways to build these lists exist and they range in quality. They lure in victims from forums that might focus on the passing of a loved one, building a portfolio of lonely widows; they watch when you join an online dating site and complain your husband doesn’t show you attention; when you boast about your life possessions and wealth on Facebook. These highly-focused data sets would be ideal for the CatFish scam but nothing beats big data when you’re looking for easy money. Large dumps consisting of millions of email addresses from all around the world, built from years of hacking and data breaches make these lists an essential sakawa resource. I guarantee almost every data breach will inevitably end up being passed about until it finds itself on one of these spam lists, which are available for sale or trade to these groups via online black markets. In fact, Sakawa scams are all amongst us everyday. If you don’t believe me, head to your Facebook page and search for ‘Email Lists’ and head to Pages… these lists are traded beneath our noses for spammers and Sakawa stars in the making.
So, I’m on a list. What now?
This is where the styles differ dramatically. If your email address was gathered from a very widespread source, then the spammers would lead towards advance fee-type frauds and fake beneficiary scams. They might request £5 to release a parcel from customs; free pets on gumtree that require payment for vaccinations before handing them over; or new, international online bank accounts that require a fee of £50 to open. The list is endless but they all rely on bulk emails being sent and a very low margin of success. They profit heavily from the 0.5 percent of people that comply and transfer money to them on PayPal, Western Union or through bank transfers. Furthermore, they usually present something to give an element of genuineness, such as a royal mail email, a real gumtree advert, a website for a bank, etc. If you have become a focus after gathering very targeted information, then the scammers will work a mark for weeks in order to be convincing that they are genuine. They'll send flowers to a widow, or shower a romantic interest with attention. They will befriend you on Facebook – nothing online is off limits to them. The night is spent chatting to several marks at once, with different stories and intentions for each one, and different fake online personas for each story. The Sakawa ‘magic’ is then applied to induce a feeling of love. Love is the one thing they all aim for and when this stage is reached, they will cash in. This isn’t the kind of love common in society though, they mould themselves to be whatever they have to be: a shoulder to cry on, a good listener, wealthy, a soldier – whatever the mark desires.
After a secure bond has been built with the mark, the scammers' intentions will turn towards finances in the most elaborate ways. They will claim that a family a member has cancer, or a child is in the hospital, or that they require a plan ticket to visit. They are so good at what they do that it is normally the mark that first requests to send money out of compassion. It is this exact moment when people are most blinded by these scams. If a close family member told you it was a scam, you wouldn’t believe them. If your bank warned you about the transfer, you would ignore it. The desire to be real drives these actions – actions that stem from compassion and a genuine desire to help. So, you transfer money… they will ask for more… and quickly after cashing in the communications will stop and reality will start to creep in. For some people, this is their whole life savings, leaving them with crippling debt and even reported cases of suicide. If you transferred £20 and are still waiting for that free puppy, think yourself lucky and better for the lesson. All is not lost though, the EFCC can be contacted and details of the scam can be reported – in some high profile cases, funds have even been returned. Neighbouring countries lean heavy on this pioneering group and Ghana’s Financial Intelligence Centre currently works in unison with the EFCC to combat online fraud. Sadly, the struggle is overwhelming for these small agencies.
This is where you have to try not be a victim and stay alert online. Pay attention to the patterns described and look out for relatives and friends that might fall victim to them. I have hope when I see evidence of good honest African’s trying to do what they can in order for this to stop. It brings shame to most that their country once known for exports of gold, crude oil and cocoa beans, now to be associated so heavily with online cyber fraud. One eye-opening testament of their desire to help us is seen in the trend with painting 'This house is not for sale, beware of 419’ on their homes. This way, local Sakawa gangs can’t take photos of the building and try to sell it online.
About the Author: Richard De Vere, who is the Principal Consultant for the AntiSocial Engineer Ltd., has an extensive background in penetration testing and social engineering, including ‘red team’ exercises and information gathering assessments. Qualifications include CISMP and CompTIA Security+. Editor’s Note: The opinions expressed in this and other guest author articles are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc. Title image courtesy of ShutterStock