Nigerian Prince scam email example

$40m says Nigerian phishing email scams still work

Share on facebook
Share on twitter
Share on linkedin
Share on pinterest
Share on print
Share on email

A swathe of Business Email Compromise (BEC) attacks have landed a group of Nigerian men accused of cyber fraud in US custody after flaunting their wealth on social media.

Phishing emails and scam emails in general have unfortunately spent a long time being synonymous with West Africa, with a specific focus on Nigeria. One reason for this is the “Nigerian Prince” Advance-fee scams which gained fame and attention over more than three decades of use and re-imagination, and today are reported to still be in heavy circulation and fooling victims across the globe.

In Dubai, a recent group of high-profile arrests made by Emirate police adds further press coverage to the age-old stereotype, only this time the accused scammers gave themselves away publicly, albeit unwittingly.

Seen posing in front of expensive cars, Olalekan Jacob Ponle (upper image) and Ramon Olorunwa Abbasm (lower image) known on Instagram respectively as “mrwoodbery” and “hushpuppi” post inspirational message to their millions of followers. If the allegations of cyber fraud and money laundering are correct, another blow will be dealt to the reputation of hard working West Africans.

During the raids, police in the emirate say they recovered $40m (£32m) in cash, 13 luxury cars worth $6.8m, 21 computers, 47 smartphones and the addresses of nearly two million alleged victims.

“Abbas finances this opulent lifestyle through crime, and he is one of the leaders of a transnational network that facilitates computer intrusions, fraudulent schemes (including BEC schemes), and money laundering, targeting victims around the world in schemes designed to steal hundreds of millions of dollars,”

Federal Bureau of Investigations (FBI)

Nigerian Economist Ebuka Emebinah gave his thoughts to the proliferation of scams emanating from the region.

“Our value system in Nigeria needs to be checked, especially the emphasis we place on wealth, no matter how you got it. It’s a culture where people believe that results speak for you. We don’t place as much emphasis on the process and this has built up over time.”

Ebuka Emebinah – Financial Services Consultant

Both Polne and Abbas have been extradited to the US and charged in a Chicago court with conspiracy to commit wire fraud and laundering monies (to the tune of hundreds of millions of dollars) obtained through cyber-crime.

How did they do it?

Business Email Compromise (BEC) – Impersonating legitimate employees of US companies and tricking recipients into wiring money directly to their accounts. It is one of the most common, and most damaging, forms of social engineering.

These types of attacks are nothing new, what is disappointing is how successful they remain as organisations rely on users without sufficient training and knowledge.

Without any form of security awareness training, users are expected to be able to spot bad emails from good ones, adding huge financial and organisational risk.

We (PhishingTackle.com) understand that taking the first steps toward educating users can be a tricky one to make, and have made tremendous efforts to help our readers and customers alike in understanding where their security weaknesses lie.

To this end, we have a number of free tools we recommend our readers try to get a better idea of how security-aware their users are. Our most popular tool is the Free Click-Prone® Test, which reveals exactly how many users would fall for a modern phishing attack.

There is no hardware solution that can stop 100% of phishing attacks, that means that when (not if) a phishing email arrives in one of your users’ inbox, the security of your entire organisation rests in their ability to spot it.

Educate your users before the bad guys do it for you.