Lads from Lagos turn from 419 scams to basic malware slinging

Engr Ojie Victor

Soon on Stack Overflow?

FB page is back

Going on the number guests that Dr Phil had on this subject, you get a good view of the entire sequence of events from first view of profile right to the last of the $100K+ being transferred - it's quite clear they have much more money than sense. Sure, they're at the extreme money end of the scale, but you read about a LOT of scams like this, and they all end the same way - only the amount of money is different.

You and I, and everyone else here would have spotted the scam from last decade, but we're not the targets.

When they article says they're social engineering experts - they're right, sometimes they do wander into the realm of smart people. They cross their "t's" and dot their "i's", cover their tracks, plant enough evidence that can't be traced back to anywhere to do the job. But they still mostly don't succeed. When you're dealing with the amount of money out of a smarter person you need to make it worth your while, you can't possibly cover ALL your tracks - it's manufactured bullshit after all. Let's just say the rule of averages means there's still a LOT of people on the "easier" end of the IQ curve to deal with.

When you're dealing with corporations as targets - that's a different kettle of fish from the start. You're no longer dealing with a "person", rather than an ecosystem. eMail is a good social engineering inroad, because although that ".EXE" is blatantly obvious to most of us, "corporations" as an ecosystem do not generally put rocket scientists on the email front line. There are techniques that cover the corporation, through tools, filtering, training etc - but not everyone does that.

When emails cost nothing for a million, you're going to get some hits.