• by Ray Schultz , Columnist, May 23, 2018

The fabled Nigerian prince — or princes — have become more sophisticated. The whole family of email scam royalty has moved from get-rich-quick schemes to business email compromise (BEC) attacks, supported by organized crime, according to Behind the 'From' Lines: Email Fraud on a Global Scale, a study by Agari.

Although not pursued by Nigerian con artists until 2016, BEC is the most popular attack vector, making up 24% of all assaults.

The reason is that they require little effort for high reward. The average BEC payment demanded is $35,500, and the average profit is between $982 and $5,236. 

And the results are pretty immediate — BEC attacks take less than three days to reach fruition, compared with 25 days for romance scams. Overall, BEC scams nail 3.97 victims per 100 answered probes.

In addition, these Africa-based scam artists are targeting both SMBs and major enterprises, Agari notes. In many cases, they are intercepting invoice payments and directing equipment deliveries to drop sites.  

Agari analyzed 59,652 messages sent by 78 email accounts from ten organized crime groups -- nine out of ten in Nigeria and the rest in Kenya. Agari has concluded that “Nigerian princes really are from Nigeria.”

Not that thse bad actors are neglecting other types of scams. They are using Match.com and other dating sites to lure romance victims, who then become money-laundering mules, Agari writes. They also have initiated real estate purchase scams in which victims forward their life savings. But they have mostly moved on to BEC.

It’s all part of an organized crime system that relies on legitimate infrastructure to evade detection. However, these felons may not be as good as we think — Agari was able to identify the real identity of many criminal email accounts because of “poor operational security of the organized crime groups.”

On a practical level, Nigerian scammers use Gmail more than any other email service. And they use Grammarly for spelling and punctuation. They find business listings via RocketReach and GuideStar.

“While much of the high-profile attention paid to email security has focused on nation state actors, the reality is that American businesses are far more likely to be attacked by BEC scammers operating from Africa,” concludes Patrick Peterson, founder and executive chairman, Agari.

He adds: "The sad irony is that these foreign adversaries are using our own legitimate infrastructure against us in attacks that are far more damaging and much harder to detect than any intrusion or malware."