Nigerian email scammers hack each other

Web Services

The service that supplies their tools also exposed their usernames and passwords.

The “BestRecovery” website lets crooks deploy keystroke logging malware and then view the stolen data remotely.

An entire list of usernames and passwords of more than 3,000 paying customers is recoverable from the site using little more than a Web browser.

“The first thing I noticed upon viewing the user list was that a majority of this service’s customers had signed up with yahoo.com emails, and appeared to have African-sounding usernames or email addresses. Also, running a simple online search for some of the user emails (dittoswiss@yahoo.com, for example) turned up complaints related to a variety of lottery, dating, reshipping and confidence scams,” Krebs reports.

The site was so insecure that it also displayed the keylog records that customers kept on the service. Most customers used the service to keep tabs on multiple computers in several countries. A huge number of the users appear to be Nigerian 419 scammers using computers with Internet addresses in Nigeria.

Also known as “advance fee” and “Nigerian letter” scams, 419 schemes have been around for many years. “Nigerian romance scammers often will troll online dating sites using stolen photos and posing as attractive U.S. or U.K. residents working in Nigeria or Ghana, asking for money to further their studies, care for sick relatives, or some such sob story.

. . . more traditionally, these miscreants pretend to be an employee at a Nigerian bank or government institution and claim to need your help in spiriting away millions of dollars. Those who fall for the ruses are strung along and milked for increasingly large money transfers, supposedly to help cover taxes, bribes and legal fees. . . . the perpetrators have been known to use the personal information and checks that they received to impersonate the victim, draining bank accounts and credit card balances.

. . . Oddly enough, a large percentage of the keylog data stored at BestRecovery indicates that many of those keylog victims are in fact Nigerian 419 scammers themselves. One explanation is that this is the result of scammer-on-scammer attacks.”

The fraudsters often work from cybercafé computers, so “perhaps some enterprising Nigerian spammers simply infected a bunch of these cybercafe machines to save themselves some work. It is also possible that vigilante groups which target 419 scammers — such as Artists Against 419 and 419eater.com – were involved, although it’s difficult to believe those guys would bother with such a rudimentary service.”

ThreatWatch is a regularly updated catalog of data breaches successfully striking every sector of the globe, as reported by journalists, researchers and the victims themselves.