Jun 5, 2019

A look inside a Nigerian email scam group active since 2008

Cybersecurity company Agari detailed a newly discovered Nigerian email scam team, dubbed "Scattered Canary," composed of dozens of members, in a new report released Wednesday.

Why it matters: Unlike with criminal hackers and espionage groups, there is not as much research into the taxonomy of actors in email fraud, but since it can siphon off as much as $2 billion each year, it's a threat worth understanding.

The big picture: Agari won't publicly discuss its methods for gaining intelligence on Scattered Canary. But given methods they've used to detail similar groups in the past, which were only shared with Axios under the condition that they not be included in stories, they have extensive visibility on how a group operates, who is involved and their criminal history.

  • "We have a 10-year look on how this developed from a single individual into a group that comprises at least 35 people that we know of," Crane Hassold, senior director of threat research at Agari, told Axios.

Background: Scattered Canary started as a small-time operation in 2008 — a single actor dubbed "Alpha" running Craigslist scams with the help of a more seasoned mentor, dubbed "Omega." The tandem committed 419 total Craigslist scams, averaging $24,000 in profits.

  • Alpha is currently engaged and has three kids. In 2010, he began running romance scams, extorting money from victims and using them to do menial tasks in other scams, such as opening bank accounts.
  • In 2015, Alpha started scamming corporations and began hiring additional employees.

Details: Like other groups, Scattered Canary uses commercial lead generation services to compile lists of potential victims.

  • Since 2017, the group has perpetuated several fraudulent attacks on the U.S. government, including filing 13 tax returns and 11 Social Security benefit applications. It's also filed applications for Texas unemployment benefits under 9 identities and applications for FEMA disaster assistance under 3 identities.
  • Agari lists several email accounts associated with the group in its report.

The bottom line: Conventional hackers may get most of the attention, but email fraud is a thriving industry with a higher return on investment.

  • Hassold says, "I'm worried about what happens when the Eastern European, Russian and Southeast Asian groups realize, 'Why are we spending so much money on infrastructure and paying developers to develop malware when we could just send an email to someone, ask them to send us money and they'll do it?'" 

Go deeper: Email scammers take advantage of Gmail dot feature

Go deeper

Axios
Updated 2 hours ago - Politics & Policy

Coronavirus dashboard

Illustration: Sarah Grillo/Axios

  1. Global: Total confirmed cases as of 10 p.m. EST: 32,135,220 — Total deaths: 981,660 — Total recoveries: 22,149,441Map.
  2. U.S.: Total confirmed cases as of 10 p.m EST: 6,975,980 — Total deaths: 202,738 — Total recoveries: 2,710,183 — Total tests: 98,481,026Map.
  3. Politics: House Democrats prepare new $2.4 trillion coronavirus relief package.
  4. Health: Cases are surging again in 22 states — New York will conduct its own review of coronavirus vaccine.
  5. Business: America is closing out its strongest quarter of economic growth.
  6. Technology: 2020 tech solutions may be sapping our resolve to beat the pandemic.
  7. Sports: Pac-12 will play this fall despite ongoing pandemic — Here's what college basketball will look like this season.
  8. Science: Global coronavirus vaccine initiative launches without U.S. or China — During COVID-19 shutdown, a common sparrow changed its song.
Go deeper (<1 min. read)Arrow
Jacob Knutson
4 hours ago - Sports

Pac-12 will play football this fall, reversing course

A view of Levi's Stadium during the 2019 Pac-12 Championship football game. Photo: Alika Jenner/Getty Images

The Pac-12, which includes universities in Arizona, California, Colorado, Oregon, Utah and Washington state, will play football starting Nov. 6, reversing its earlier decision to postpone the season because of the coronavirus pandemic.

Why it matters: The conference's about-face follows a similar move by the Big Ten last week and comes as President Trump has publicly pressured sports to resume despite the ongoing pandemic. The Pac-12 will play a seven-game conference football season, according to ESPN.

Go deeper (1 min. read)Arrow
Dave Lawler, author of World
5 hours ago - World

Global coronavirus vaccine initiative launches without U.S. or China

Data: Gavi, The Vaccine Alliance; Map: Naema Ahmed/Axios

A global initiative to ensure equitable distribution of coronavirus vaccines now includes most of the world — but not the U.S., China or Russia.

Why it matters: Assuming one or more vaccines ultimately gain approval, there will be a period of months or even years in which supply lags far behind global demand. The COVAX initiative is an attempt to ensure doses go where they're most needed, rather than simply to countries that can produce or buy them at scale.

Go deeper (2 min. read)Arrow

Get Axios AM in your inbox

Catch up on coronavirus stories and special reports, curated by Mike Allen everyday

Please enter a valid email.

Subscription failed
Thank you for subscribing!