The month of June has been characterized by a very specific group of cybercriminals targeting Hawaii businesses. The criminal activity appears to have ties to Nigeria but could be far more widespread.
Gone are the days of the laughable stories of the Nigerian Prince who needs your help to access his fortune. Now it's smash and grab - work from home job scams, romance scams, credit card scams, check fraud and breaking into company email accounts to impersonate business owners and commit wire, bank and mail fraud.
In a recent case Solomon Ekunke Okpe, a 31-year-old from Lagos, Nigeria, pleaded guilty to wire, bank, and mail fraud. Despite law enforcement's efforts to catch such criminals, it often takes years and millions of dollars lost before they are caught. It's up to you to be up-to-speed on how these criminals are operating and prevent your business from being the next victim.
These Nigerian scammers are using phishing attacks as their primary weapon to gain access to corporate email accounts and trick people and businesses into sending money. We are seeing this attack being directed at organizations that work in large sum (vs. large quantity) transactions such as construction/building industry, accounting firms, building management companies and financial services.
How it starts - you may receive an email that looks something like this:
The key here is that the sender's email will likely be from a trusted email address, from someone you may have corresponded with before. This is because that person's email account has been hacked, and the criminals want to repeat the process and break into yours.
Clicking the link will direct you to a document on Adobe.com:
The document on Adobe.com will contain a link. That link will take you to a fake Microsoft 365 credential harvesting website:
The ones we saw were exact copies of Microsoft's login page, including animations, and were hosted on domain names that were identical to the victim's business name, presumably to increase credibility.
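The check a mail filter or help desk can apply to such a link, as an added example that is not part of the original post: a page asking for a Microsoft 365 password should live on a Microsoft sign-in host, and a host that merely contains your business name is the pattern described above. The organization name, its domains and the sample URLs are constructed, and the allowlist of Microsoft hosts is an assumption to adjust for your tenant.

```python
from urllib.parse import urlsplit

# Assumption: hosts commonly used for Microsoft 365 sign-in; adjust for your tenant.
MS_LOGIN_HOSTS = {"login.microsoftonline.com", "login.microsoft.com", "login.live.com"}

def _norm(text):
    """Lower-case and keep only letters and digits ('Aloha-Builders' -> 'alohabuilders')."""
    return "".join(ch for ch in text.lower() if ch.isalnum())

def classify_login_link(url, org_name, org_domains):
    """Classify a link that claims to lead to a Microsoft 365 sign-in page.

    'microsoft'       host is on the sign-in allowlist and the scheme is https
    'own-domain'      host is one of the organization's real domains or a subdomain
    'brand-lookalike' host embeds the organization's name but is not its domain
    'untrusted'       anything else
    """
    parts = urlsplit(url if "://" in url else "//" + url)
    host = (parts.hostname or "").rstrip(".").lower()
    if not host:
        return "untrusted"
    if parts.scheme == "https" and host in MS_LOGIN_HOSTS:
        return "microsoft"
    for domain in org_domains:
        domain = domain.lower()
        # Exact match or true subdomain only; 'notalohabuilders.example' must not pass.
        if host == domain or host.endswith("." + domain):
            return "own-domain"
    brand = _norm(org_name)
    if brand and brand in _norm(host):
        return "brand-lookalike"
    return "untrusted"

def flag_links(urls, org_name, org_domains):
    """Return (url, verdict) pairs for links that should not receive a password."""
    verdicts = ((u, classify_login_link(u, org_name, org_domains)) for u in urls)
    return [(u, v) for u, v in verdicts if v in ("brand-lookalike", "untrusted")]

# Constructed sample data: a fictional business and links pulled from a shared document.
ORG_NAME = "Aloha Builders"
ORG_DOMAINS = ["alohabuilders.example"]
SAMPLE_LINKS = [
    "https://login.microsoftonline.com/common/oauth2/authorize",
    "https://mail.alohabuilders.example/owa",
    "https://alohabuilders.test/login",            # business name on another TLD
    "https://login.microsoftonline.com.signin.test/",  # allowlisted name used as a prefix
]

if __name__ == "__main__":
    for link, verdict in flag_links(SAMPLE_LINKS, ORG_NAME, ORG_DOMAINS):
        print(f"{verdict:16} {link}")
```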
For all of the cases involving Adobe.com, they have guidance on how to report abuse if you are a current account holder here: https://helpx.adobe.com/sign/using/adobesign-report-abuse.html
For non-account holders, they only accept reports by email. We have been reporting these incidents and sending supporting documentation to email@example.com. They don't respond but we have seen them take down these phishing documents.
As for the fictitious domain names set up for credential harvesting, we noticed that they were being registered with Namecheap.com. Directions on how to report such activity may be found here: https://www.namecheap.com/support/knowledgebase/article.aspx/9196/5/how-and-where-can-i-file-abuse-complaints/. Namecheap was quick to respond and act on these reports.
Don't be a victim
These criminals rely on weak passwords and having 2-factor authentication disabled to access the accounts of their targets.
Always use long, complex, and unique passwords and enable 2-factor authentication to keep your access credentials from being easily guessed or brute-forced.
Once they get into your account it's a mess. The criminals will start sending personalized emails that are difficult to recognize as fraudulent. We've even seen them interact with the victim's clients in real time. When a client reaches out asking "is this legitimate?" the criminals respond to them, saying it is and to enter their login credentials!
How is this possible? It's presumably due partly to generative AI engines such as ChatGPT, which are able to clean up grammatical errors, and partly to the criminals extensively researching publicly available information.
In short, the victims we have been helping would have been saved by ensuring that they had unique, complex passwords and 2-factor authentication on their email accounts. Be sure to turn on these safeguards on your email accounts today.
Stay safe out there.
-Attila
ChatGPT's joke on this topic:
Why did the Nigerian scammer become a comedian?
Because their fraud schemes were a joke, so they figured they might as well make people laugh for real!