Nigeria is highly regarded for its innovative brains, has the largest technology ecosystem in Africa and the largest amount of technology investment in Africa, amounting to US$2,068,709,445 over seven years. Unfortunately, not all of these tech-savvy brains believe in investing their knowledge in noble causes.
You've probably heard the story of Ray Hushpuppi, the Nigerian internet scammer who allegedly laundered tens of millions of dollars. He convinced people that he was funding his extravagant lifestyle through the alias "Instagram influencer and real estate dealer."
But this article is not about Hushpuppi. On the contrary, it is dedicated to exposing the schemes and tricks of those “hushpuppies” that are still operating today; how they corporately extort and launder money from individuals and cooperatives.
1. Economic stress:
Despite having the largest economy in Africa, millions of Nigerians live in poverty due to income inequality coupled with factors such as unemployment and inflation. These factors prevent many Nigerians from meeting their financial responsibilities and encourage them to indulge in cybercrime.
2. Peer pressure:
Like Ray Hushpuppi, cybercriminals lead lavish lifestyles, flaunt their ill-gotten wealth and speak condescendingly of their fellow legitimate earners. This peer pressure pushes some of them to commit cybercrimes.
3. Personal revenge
For some guys, their targets are representatives of countries that participated in the colonization and exploitation of Africa. They convince themselves that they are right by saying, "We are taking our ancestors' money."
When you hear the word “cybercriminal,” one of the first things that comes to mind is the “black hat” hacker. Think again, Nigerian cybercriminals not only use hacking technologies, but also characteristics that make their victims vulnerable.
The sophistication of these scams depends on the duration of the operation, objectives, potential revenue and versatility of the format. Some of them are very effective in their own right, and can also facilitate more complex scams. Let's look at some of them together:
People go on dating sites and get the perfect love story, but some are unlucky. "Life is never fair."
Dating site scams, known as cat phishing, are one of the most common cyber scams in Nigeria. According to Techs i der, Nigeria has the second highest rate of dating scams.
After this, the thieves begin to “invoice” their victims and ask them to transfer money in unknown ways. For example, through gift cards, cryptocurrency or any other untraceable method.
Dating is quite common, and despite its simplicity, scammers call it the “mother format” because it is the basis for many other formats, making it universal.
The number of young men and women online willing to provide sexual pleasure to older people in exchange for money, gifts and other favors makes it possible for scammers to operate.
On social networks, they pose as sugar mommies/sugar daddies and send messages to young people saying that they are looking for reliable boys or girls whom they can take care of in exchange for satisfying their sexual needs. Once they are satisfied that their goal is compelling, they move on to the next step.
But how to get money from cash-strapped people?
They send their victims on errands. For example, they may give their sugar boy/girl a fake check and ask him to cash it, or help smuggle illegally purchased goods.
Attackers convince their victims that their permanent salary comes from income from completing assignments. The latter believe that they simply help their “sugar mummy” carry out assignments for a fee.
In the case of counterfeit checks, when the target receives the check and deposits it into their account, it initially appears to be legitimate until the bank begins to verify it, which is often too late. During this time, victims would withdraw the money as their sugar momma/daddy advised, use it to purchase gift cards, cryptocurrency, or other untraceable items, and send the rest after holding their share as promised.
Victims realize they have been defrauded after the bank discovers the fraudulent check and withdraws money from their accounts.
Is this really where it all ends? This may only be the beginning of the victim's misery as scammers may use the obtained bank details to carry out unemployment scams or use victims' other personal information such as social security numbers, etc. as fake ones, thereby luring them into complicity in the scam. .
Once they receive a lead, they demand upfront payment, a percentage of the cost of services through untraceable platforms or the data of an unsuspecting pawn. Once they receive the payment, they block you from that account before you even suspect it.
BEC, known as Business Email Compromise, is one of the most sophisticated scam formats. At the same time, scammers consider it the safest and largest, due to its nature - goals and income.
How is it safe?
Fraudsters target reputable companies. Large corporations that would rather let scammers get away because they don't want public outcry and panic. Or any complications that could cause them to lose value in the stock market because they are considered unsafe. Therefore, they refuse to disclose such information and even actively work to prevent the FBI from engaging in such scams in order to maintain the trust of their clients. This gives fraudsters the opportunity to easily escape punishment if they are smart enough.
Sometimes such companies use the services of private detectives, but due to confidentiality restrictions, they are rarely successful.
For example, "Gucci billionaire" Hushpuppi successfully ran BEC scams before he was caught. When he was tried, some of these successful schemes were considered on the basis of probable cause. However, the names of the victims were never revealed.
How do they work?
As the name of the scam suggests, if one email is compromised, it can affect many others and cause damage to the firm.
After monitoring the company for some time, scammers target the financial division of the companies and the individuals who handle the company's finances. The first thing they do is send out phishing attacks, sometimes through the email of an already compromised department of the same company. Criminals study the company's email messages and structure theirs in the same way so that they do not arouse suspicion. After clicking these links, scammers receive confidential company email information needed to begin the next stage of the scam.
Hackers gain access to these email addresses to monitor the flow of messages, the frequency of payments, and the identities of those making payments. Let's assume that the hacked email does not belong to the person responsible. In this case, attackers can use the access they already have to find the target address and send another phishing message using the compromised account, which will not be difficult since they are considered employees of the organization. Having gained access to the relevant account, attackers try to intercept payments due. They resend invoices with payment information, denying the authenticity of the original ones sent by the hacked companies and claiming that it was a mistake.
Now Company A transfers money to Company B, unaware that B was hacked and used incorrect account information.
Although bank accounts can be traced, these scams usually involve large sums of money and the accounts do not belong to the scammers. They were obtained using details obtained during other scams. Fraudsters make sure that they have many such accounts, distribute a huge amount among them, use them to buy cryptocurrencies, and the money is lost in the system.
For some cybercriminals, this is the ultimate test, and some swear they will retire if they pull off a BEC scam.
Yahoo representatives claim that this is an old scam format that only gained popularity in the Covid-19 era, a period characterized by financial crisis and economic difficulties. However, it was this scheme that allowed many cybercriminals in Nigeria to get rich. This scheme has gained even greater popularity thanks to a trend called “benefit boys”.
The trend for "bargain boys" arose after a viral video showed some high school teenagers driving to school in brand new Mercedes Benz, the latest iPhones, humiliating their school teachers and calling themselves "bargain boys." The word "Benefit" refers to theft of funds allocated to help the unemployed in the United States.
The Secret Service began investigating the scam in May 2020 and found that a significant portion of it was linked to a group of alleged Nigerian cybercriminals.
They continue to exploit these victims by using their personal information to apply for relief funds. They then move significant amounts of money using untraceable methods.
Fraudsters claim that this format has recently appeared and is a safe method, and it works in different ways.
Another format of crypto fraud involves investing in some kind of digital token. Fraudsters create fake websites and lure people with very high returns. After creating an account and transferring funds to the wallet, victims are locked out and cannot withdraw funds or access the account.
My personal experience took place in a different format. The customer wrote to me on Freelancer and asked if I could write several articles within the specified time frame, offered a fat payment and then shared his contacts on Telegram, asking me to contact him there. I wrote to them on Telegram and they asked if I accepted cryptocurrency for payment, that they wanted to make a deposit so that I would be willing to take the job, to which I responded positively. They then said that they have problems with the Trust Wallet, but there is a cryptocurrency token that is very common.
Since switching from Freelancer to Telegram, I already suspected that it was a scam, but I was desperate to see if it would be of any use. I created an account with false data, they transferred $1,200 to me, but in order to activate the account and withdraw funds, I needed to deposit money. I then became convinced that it was a scam, contacted a friend who builds websites, and he confirmed that it was just a fake flash from the endpoint.
Many of these cards are old and have been blocked or suspended, which is the only downside for buyers, but some of these sites take the scam to the next level by offering customer support. They allow customers to test cards to see if they have money on them and assist in replacing cards until a valid one is found. Some even withdraw money from their cards to find a working one.
Interesting fact: the Nigerian prince scam did not originate in Nigeria. In fact, it was previously called the "Spanish Prisoner Scam" and has been around so long that it predates the invention of devices to facilitate communication. However, cybercriminals from Nigeria have gained a reputation as the most popular perpetrators of this scam, hence the renaming.
All the scammers want is the loot, and they often form acquaintances with their victims. They claim to be the children of wealthy Nigerian families, and some even claim to be heirs to a great kingdom (hence the expression "Nigerian prince"). However, they cannot receive their inheritance because they have not fulfilled certain requirements.
Here's the ideal scenario:
After a period of dating, the self-proclaimed Nigerian prince contacts his partner or online acquaintance and reveals his secret about how rich their family is. Next, the prince tells what wealth he will inherit. However, in order to become a recipient of an inheritance , a number of requirements must be met.
After successfully convincing the client that he is rich, he invents a personal problem that requires a financial solution and complains that he cannot do it because he is poor. They turn to their forgetful partners and friends for help, promising to marry them (which is quite logical, since this is a prerequisite for receiving their share of the fortune) and give them a significant part of the inheritance as soon as they become entitled to it.
Even if you manage to avoid having your hard-earned money stolen, you may still find yourself caught up in a complex web of schemes that defraud the unfortunate victim. Therefore, it is important to be careful, pay attention to the “red flags” and act correctly if you suspect fraudulent activity.
You've probably heard the story of Ray Hushpuppi, the Nigerian internet scammer who allegedly laundered tens of millions of dollars. He convinced people that he was funding his extravagant lifestyle through the alias "Instagram influencer and real estate dealer."
But this article is not about Hushpuppi. On the contrary, it is dedicated to exposing the schemes and tricks of those “hushpuppies” that are still operating today; how they corporately extort and launder money from individuals and cooperatives.
1. Economic stress:
Despite having the largest economy in Africa, millions of Nigerians live in poverty due to income inequality coupled with factors such as unemployment and inflation. These factors prevent many Nigerians from meeting their financial responsibilities and encourage them to indulge in cybercrime.
2. Peer pressure:
Like Ray Hushpuppi, cybercriminals lead lavish lifestyles, flaunt their ill-gotten wealth and speak condescendingly of their fellow legitimate earners. This peer pressure pushes some of them to commit cybercrimes.
3. Personal revenge
For some guys, their targets are representatives of countries that participated in the colonization and exploitation of Africa. They convince themselves that they are right by saying, "We are taking our ancestors' money."
7 Most Sophisticated Schemes of Nigerian Cybercriminals
As much as you may criticize fraud, it is equally important to recognize the intelligence used to plan such actions. Understanding the art and its complexities not only helps to understand the essence of these scams, but also to develop preventive measures.When you hear the word “cybercriminal,” one of the first things that comes to mind is the “black hat” hacker. Think again, Nigerian cybercriminals not only use hacking technologies, but also characteristics that make their victims vulnerable.
The sophistication of these scams depends on the duration of the operation, objectives, potential revenue and versatility of the format. Some of them are very effective in their own right, and can also facilitate more complex scams. Let's look at some of them together:
1. Dating:
The cute girl 5 miles away who is interested in you might be a guy from Ikorodu, Lagos.People go on dating sites and get the perfect love story, but some are unlucky. "Life is never fair."
Dating site scams, known as cat phishing, are one of the most common cyber scams in Nigeria. According to Techs i der, Nigeria has the second highest rate of dating scams.
How does it work?
In this case, scammers, introducing themselves as persons of the gender that their objects like, confess their love to them. In this context, “courtship” refers to an affectionate attitude toward an object with the goal of creating an emotional connection that leads to falling in love.After this, the thieves begin to “invoice” their victims and ask them to transfer money in unknown ways. For example, through gift cards, cryptocurrency or any other untraceable method.
Dating is quite common, and despite its simplicity, scammers call it the “mother format” because it is the basis for many other formats, making it universal.
2. Sweet Mommy/Daddy:
A cruel scammer appears just when you think you have found the perfect middle-aged person to help you with your finances.The number of young men and women online willing to provide sexual pleasure to older people in exchange for money, gifts and other favors makes it possible for scammers to operate.
How can you become a victim of scammers?
Fraudsters pose as adults who are financially capable of satisfying the economic needs of young people. They find naive teenagers and young adults where they want to act. Contrary to your assumptions, they do not always look for wealthy people, as they seek to use their victims as pawns in other scams. Sometimes they prefer to target people experiencing financial difficulties, since they are often in more desperate situations.On social networks, they pose as sugar mommies/sugar daddies and send messages to young people saying that they are looking for reliable boys or girls whom they can take care of in exchange for satisfying their sexual needs. Once they are satisfied that their goal is compelling, they move on to the next step.
But how to get money from cash-strapped people?
They send their victims on errands. For example, they may give their sugar boy/girl a fake check and ask him to cash it, or help smuggle illegally purchased goods.
Attackers convince their victims that their permanent salary comes from income from completing assignments. The latter believe that they simply help their “sugar mummy” carry out assignments for a fee.
In the case of counterfeit checks, when the target receives the check and deposits it into their account, it initially appears to be legitimate until the bank begins to verify it, which is often too late. During this time, victims would withdraw the money as their sugar momma/daddy advised, use it to purchase gift cards, cryptocurrency, or other untraceable items, and send the rest after holding their share as promised.
Victims realize they have been defrauded after the bank discovers the fraudulent check and withdraws money from their accounts.
Is this really where it all ends? This may only be the beginning of the victim's misery as scammers may use the obtained bank details to carry out unemployment scams or use victims' other personal information such as social security numbers, etc. as fake ones, thereby luring them into complicity in the scam. .
Bonus
Cybercriminals claim that email scams are the simplest. Scammers pose as strippers and sex workers on dating sites to find potential clients through illegal advertisements. Using a VPN makes it difficult to find them and prevents you from accessing sites.Once they receive a lead, they demand upfront payment, a percentage of the cost of services through untraceable platforms or the data of an unsuspecting pawn. Once they receive the payment, they block you from that account before you even suspect it.
3. BEC fraud:
Just when the challenges of running a business are not enough to make you give up, cybercriminals emerge.BEC, known as Business Email Compromise, is one of the most sophisticated scam formats. At the same time, scammers consider it the safest and largest, due to its nature - goals and income.
How is it safe?
Fraudsters target reputable companies. Large corporations that would rather let scammers get away because they don't want public outcry and panic. Or any complications that could cause them to lose value in the stock market because they are considered unsafe. Therefore, they refuse to disclose such information and even actively work to prevent the FBI from engaging in such scams in order to maintain the trust of their clients. This gives fraudsters the opportunity to easily escape punishment if they are smart enough.
Sometimes such companies use the services of private detectives, but due to confidentiality restrictions, they are rarely successful.
For example, "Gucci billionaire" Hushpuppi successfully ran BEC scams before he was caught. When he was tried, some of these successful schemes were considered on the basis of probable cause. However, the names of the victims were never revealed.
How do they work?
As the name of the scam suggests, if one email is compromised, it can affect many others and cause damage to the firm.
After monitoring the company for some time, scammers target the financial division of the companies and the individuals who handle the company's finances. The first thing they do is send out phishing attacks, sometimes through the email of an already compromised department of the same company. Criminals study the company's email messages and structure theirs in the same way so that they do not arouse suspicion. After clicking these links, scammers receive confidential company email information needed to begin the next stage of the scam.
Hackers gain access to these email addresses to monitor the flow of messages, the frequency of payments, and the identities of those making payments. Let's assume that the hacked email does not belong to the person responsible. In this case, attackers can use the access they already have to find the target address and send another phishing message using the compromised account, which will not be difficult since they are considered employees of the organization. Having gained access to the relevant account, attackers try to intercept payments due. They resend invoices with payment information, denying the authenticity of the original ones sent by the hacked companies and claiming that it was a mistake.
Now Company A transfers money to Company B, unaware that B was hacked and used incorrect account information.
Although bank accounts can be traced, these scams usually involve large sums of money and the accounts do not belong to the scammers. They were obtained using details obtained during other scams. Fraudsters make sure that they have many such accounts, distribute a huge amount among them, use them to buy cryptocurrencies, and the money is lost in the system.
For some cybercriminals, this is the ultimate test, and some swear they will retire if they pull off a BEC scam.
4. Unemployment benefits:
While governments and humanitarian organizations help people experiencing financial difficulties, scammers do the opposite.Yahoo representatives claim that this is an old scam format that only gained popularity in the Covid-19 era, a period characterized by financial crisis and economic difficulties. However, it was this scheme that allowed many cybercriminals in Nigeria to get rich. This scheme has gained even greater popularity thanks to a trend called “benefit boys”.
The trend for "bargain boys" arose after a viral video showed some high school teenagers driving to school in brand new Mercedes Benz, the latest iPhones, humiliating their school teachers and calling themselves "bargain boys." The word "Benefit" refers to theft of funds allocated to help the unemployed in the United States.
The Secret Service began investigating the scam in May 2020 and found that a significant portion of it was linked to a group of alleged Nigerian cybercriminals.
How does it work?
Unemployment scam perpetrators are scammers who already had access to the personal information and bank details of victims of scams such as dating, sugar mommies / sugar daddies.They continue to exploit these victims by using their personal information to apply for relief funds. They then move significant amounts of money using untraceable methods.
5. Crypto fraud:
According to Reuters, most of the complaints from American customers about cryptocurrencies are related to scams.Fraudsters claim that this format has recently appeared and is a safe method, and it works in different ways.
How does it work?
For the simplest of cryptocurrency formats, scammers only need to find an object on social networks or dating sites with whom they do not necessarily have a romantic relationship, but who will be trusting enough to help a complete stranger make cryptocurrency transactions for a certain percentage. Fraudsters claim that they have made a significant investment in cryptocurrency and even earned large interest, but cannot withdraw it because they do not have the amount necessary to activate the withdrawal. Unsuspecting victims agree to help and transfer funds to their scammers' wallets, waiting for confirmation, and their interest rates are left in the dark that they have been scammed and possibly blocked after the transaction is confirmed.Another format of crypto fraud involves investing in some kind of digital token. Fraudsters create fake websites and lure people with very high returns. After creating an account and transferring funds to the wallet, victims are locked out and cannot withdraw funds or access the account.
My personal experience took place in a different format. The customer wrote to me on Freelancer and asked if I could write several articles within the specified time frame, offered a fat payment and then shared his contacts on Telegram, asking me to contact him there. I wrote to them on Telegram and they asked if I accepted cryptocurrency for payment, that they wanted to make a deposit so that I would be willing to take the job, to which I responded positively. They then said that they have problems with the Trust Wallet, but there is a cryptocurrency token that is very common.
Since switching from Freelancer to Telegram, I already suspected that it was a scam, but I was desperate to see if it would be of any use. I created an account with false data, they transferred $1,200 to me, but in order to activate the account and withdraw funds, I needed to deposit money. I then became convinced that it was a scam, contacted a friend who builds websites, and he confirmed that it was just a fake flash from the endpoint.
6.Credit card:
Imagine this! You're sitting at home and suddenly you receive a message saying that you just bought something online.How does it work?
Fraudsters use phishing to try to gain access to companies' payment sites, where they can download and access information about the accounts of customers who made the payment. They then sell this information on their websites. Cheap scammers then go to these sites and buy card details for as little as $2 in hopes of finding money in them. Thus, for buyers it turns into a game of chance: while some manage to make purchases worth millions of dollars with these cards, others manage to make purchases of a few hundred or less. After shopping, they use other schemes such as sugar mommies, dating, etc. to cover their tracks. They send their accomplices on missions to help sell goods, take their share, transfer the remaining money, or even send it home . During this procedure, the money disappears into thin air.Many of these cards are old and have been blocked or suspended, which is the only downside for buyers, but some of these sites take the scam to the next level by offering customer support. They allow customers to test cards to see if they have money on them and assist in replacing cards until a valid one is found. Some even withdraw money from their cards to find a working one.
7. Inheritance scam
The scheme is known internationally as the "Nigerian Prince Scam" and locally as the "419 Scam." Have you ever heard someone excitedly talk about how he will become rich thanks to a billion-dollar inheritance that a Nigerian prince promised to share with him because he lent him some money?Interesting fact: the Nigerian prince scam did not originate in Nigeria. In fact, it was previously called the "Spanish Prisoner Scam" and has been around so long that it predates the invention of devices to facilitate communication. However, cybercriminals from Nigeria have gained a reputation as the most popular perpetrators of this scam, hence the renaming.
How does it work?
Fraudsters exploit human weaknesses rather than technological ones, appealing to emotions and psychologically manipulating their victims.All the scammers want is the loot, and they often form acquaintances with their victims. They claim to be the children of wealthy Nigerian families, and some even claim to be heirs to a great kingdom (hence the expression "Nigerian prince"). However, they cannot receive their inheritance because they have not fulfilled certain requirements.
Here's the ideal scenario:
After a period of dating, the self-proclaimed Nigerian prince contacts his partner or online acquaintance and reveals his secret about how rich their family is. Next, the prince tells what wealth he will inherit. However, in order to become a recipient of an inheritance , a number of requirements must be met.
After successfully convincing the client that he is rich, he invents a personal problem that requires a financial solution and complains that he cannot do it because he is poor. They turn to their forgetful partners and friends for help, promising to marry them (which is quite logical, since this is a prerequisite for receiving their share of the fortune) and give them a significant part of the inheritance as soon as they become entitled to it.
Conclusion
Despite attempts to make the Internet a safe place, cybercriminals are looking for new points of vulnerability and even exploit people's psychology, which makes them especially susceptible.Even if you manage to avoid having your hard-earned money stolen, you may still find yourself caught up in a complex web of schemes that defraud the unfortunate victim. Therefore, it is important to be careful, pay attention to the “red flags” and act correctly if you suspect fraudulent activity.
