On December 11th, Fola got an email from his mom who is based overseas to transfer N320,000 to a gentleman in Ajah as payment for “a project”.
By this morning, he was on his way to the bank to effect the transaction when he suddenly decided to call his mom to confirm what the money was for.
When his mother picked the call, she denied ever sending an email for such a transaction. Fola was dumbfounded, for he was moments away from the bank and minutes away from having a very unmerry christmas courtesy of Nigerian scammers.
Such emails were routine for his mom and if not for the random phone call he put across as he made his way to the bank, he would have been duped.
The scammers technique is to quickly study the emails of the hacked account (in this case Fola’s mom). They scan through emails to see previous bank transactions and general conversation to learn where the vulnerabilities to be exploited are located. Then they strike.
Maryland based IT expert, Ope Arowojolu did a cursory analysis of the malicious code in recent emails sent by the scammers with subject “invoice”.
He says, “The malware generates an alert claiming you’ve been logged out of gmail. It then creates a webpage similar to the gmail login page. Once a user submits their google account details, the details get sent to the attacker’s server hosted on altervista in Italy, a known place for phishing attacks. After submission the user is redirected to gmail. The user is unaware of this due to the seamless nature of the attack.
“Although the malware is designed to target gmail users, a version could easily be made for other email providers. My advice is for users to not click on any attachments they’re not expecting.”
Fola notes that the hackers also send malicious emails with other subjects such as “APPROVED”.
His mom, Pastor Sarah also has this advice for Nigerians. She wrote an email note to her contact list with the subject, “CHRISTMAS: NIGERIAN HACKERS ON THE LOOSE”.
She notes,
“If you recently got an email from my address asking for money, please i did not send any such email.
My mail was hacked and I just got to know of it 2 a.m this morning because someone was confirming from me before trying to make a payment on my behalf to persons unknown to me.
Also be advised DO NOT OPEN ANY EMAIL attachment where the subject is : INVOICE, or REMITTANCE or KURAMO RESTAURANT etc, even if the name of the sender looks like that of anyone of your contacts.If you do, it will take you to a screen which says you are logged off, and ask you to relogin. It is at this time that your password is copied and your account compromised
Have a safe holiday season. Shalom
