A criminal syndicate in Nigeria is stealing millions of dollars from companies around the world by intercepting their emails and diverting bank transfers, a report says.
SecureWorks, a cyber security company, says it has uncovered a group of 30-40 cyber criminals stealing about $5m a year, often from industries that buy and sell large shipments, including chemical manufacturing, pharmaceuticals and heavy machinery.
Cyber criminals are increasingly pretending to be executives and using fake email accounts to steal money from companies, with the Federal Bureau of Investigation warning of a dramatic rise in business email compromise scams. The US law enforcement agency reported in June that cyber criminals had tried to snatch more than $3bn, an increase of 50 per cent over 10 months.
James Bettke, a researcher at SecureWorks, said the Nigerian criminal ring was more sophisticated than some email spoofing scams, which send emails claiming to be from a senior executive ordering wire transfers, in that they intercept an existing transaction.
“They [the victims] sincerely believe there is a real transaction going on, so they become completely confused,” he said, adding that “nothing seems out of place” until the money does not turn up.
SecureWorks has informed law enforcement agencies about the scam and attempted to contact companies involved. The cyber security company, which went public this year, claims to have identified the perpetrators of the crime, including their names, social media profiles and conversations between them, with details on how the business is run.
The group’s tactics are less sophisticated than those used to steal from the Swift global bank payments system, which has been in focus this year after $81m was stolen from the Bangladesh central bank and ended up in casinos in the Philippines.
Mr Bettke said the method was “digital cheque washing”, the online equivalent of the crime where cheques are stolen from a mailbox and washed in acetone to obscure the true payee and redirect the money to another bank account. The hackers find existing unpaid invoices, change the payee and reply to the buyer, who then sends money to the criminal’s account, not the seller.
In one case, SecureWorks says the group hijacked the email of an employee at an Indian chemical company. When a US chemical company sent a request to purchase $400,000 of chemicals, the hackers changed the rules in the employee’s email account so that all future emails from that company were directed to the hackers’ inbox. They changed the details on an invoice so the US company paid them, not the Indian company.