The West African cybercriminal ecosystem is unlike any other
While there is still not an actual underground marketplace, cybercrime is pervasive in the West African region. Specifically, scamming operations.
The peculiarities of the ecosystem
According to a report compiled by Trend Micro and INTERPOL, for which the latter conducted a survey among its member countries in West Africa, the West African cybercriminal ecosystem is unlike any other.
Among the peculiarities are the fact that IT technicians and fraud operators are more likely to get arrested than money mules, which are mainly West Africans who have migrated to target countries.
“The small number of money mule arrests could be due to the fact that many of the mules reside outside West Africa (typically where they are required), which poses jurisdiction and proportionate resource considerations for law enforcement agencies,” the researchers explained.
“West African law enforcement agencies’ attention is directed at cybercriminals residing in the region and so more technicians and fraud operators are apprehended. In addition, these roles are also the most overt in terms of interacting externally and engage in activities that leave traces that law enforcement agencies and security researchers can jointly explore and take action on as investigation leads.”
Asking countrymen who reside overseas to help with illegal operations is part of the West African cybercriminal culture, which is, in general, forgiving when it comes to fraud, and especially so when the victims are foreigners.
Secondly, West African cybercriminals are a trusting bunch: they constantly communicate and share know-how with one another, they talk about which kind of people will most likely fall for particular types of fraud and what types of fraud actually work and pay off.
“In essence, the West African cybercriminal ecosystem can be considered as a self-learning portal and a self-sustaining system, improving through trial and error and the sharing of best practices,” the report notes.
West African criminals
There are two major types of West African cybercriminals: Yahoo boys and next-level cybercriminals.
The former concentrate on perpetrating romance, advanced-fee, and stranded-traveler scams.
The latter go after businesses and executives’ email accounts, and the goal is to either trick the company’s finance department into wiring large sums of money to an account they control, or the HR or finance department into sending payroll and W2 form information, so they can used that information to file fraudulent tax return requests.
For more details about the techniques and tools they use, check out the report.