Back in the early 2000s, a coworker walked into the office I shared with several other people, totally distraught. When asked what was wrong, he told us that a relative of his had fallen for the Nigerian email scam, lost tens of thousands of dollars, and now risked losing his home. It was a sad story to hear.
When the coworker left, one of my officemates snickered, saying she couldn’t believe that someone would actually fall for those scams. This was several years before I started writing about network security, but even then I knew how easy it would be for someone to fall for a scam. First of all, the Internet was still in the early days of adoption, and this victim had only had his email account for a few months. Secondly, our office had just been hit with one of the early viruses that was making the rounds, and thanks to the officemate who had snickered, we’d had first-hand experience at being fooled by a fake email phishing scam.
Thankfully, the general population became a little savvier about Nigerian scams, also known as 419 scams; we heard less about them, and I pretty much stopped receiving them in my junk email folder. I know they didn’t go away, but with newer scams and more effective malware, the scams faded into the background. At least, I didn’t know of anyone else who had been taken in by them.
But it appears that 419 scams are making a comeback. Palo Alto Networks' threat intelligence team, Unit 42, recently released a report, 419 Evolution, which warns that the scammers have become more sophisticated and are now using more advanced technologies to target businesses. Rather than relying on social engineering techniques to scam a soft-hearted person into handing over their bank account information, the 419 scammers are now using malware. It also appears that the scammers are interested in bigger payouts, which they can find via business attacks.
In the operation, Nigerian scammers turned to underground forums to purchase RATs like NetWire, which gives them remote control of Windows, Mac and Linux platforms, or DataScrambler, which can evade most AV solutions and “maintains persistent operation through system restarts”, spreading to other users via applications like Facebook and Skype, Palo Alto revealed.
They continue to use social engineering techniques, rather than finding vulnerabilities in software and applications, to spread the malware. According to PC Magazine:
They appear to be stealing passwords and other data to launch follow-up social engineering attacks.
"Thus far we have not observed any secondary payloads installed or any lateral movement between systems, but cannot rule out this activity," the researchers wrote.
Right now, the researchers recommend taking the usual steps one would use to prevent any malware download: Don’t click on executable attachments, and block them from ever arriving in your inbox if possible. Also, run a scan to make sure that malware is not stored away in hidden files.
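As an added illustration of the attachment-blocking advice (not code from the Unit 42 report or from this article), the sketch below flags attachments that are executable by content as well as by name, since a renamed program keeps its file header. The function names, the extension list, the magic-byte table and the sample message are all assumptions constructed for the example.

```python
import email
from email import policy
from email.message import EmailMessage

# Leading bytes of native executables on the platforms named above.
MAGIC = {
    b"MZ": "Windows PE",
    b"\x7fELF": "Linux ELF",
    b"\xfe\xed\xfa\xce": "Mach-O", b"\xfe\xed\xfa\xcf": "Mach-O",
    b"\xce\xfa\xed\xfe": "Mach-O", b"\xcf\xfa\xed\xfe": "Mach-O",
    b"\xca\xfe\xba\xbe": "Mach-O universal or Java class",
}
# Illustrative, not exhaustive: extensions commonly launched by a double-click on Windows.
RISKY_EXT = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".jar")

def executable_attachments(raw: bytes):
    """Return [(filename, reason)] for attachments that look executable."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip()
        data = part.get_payload(decode=True) or b""  # None for nested multiparts
        kind = next((v for k, v in MAGIC.items() if data.startswith(k)), None)
        if kind:
            # Content wins over the name: "invoice.pdf" can still be a program.
            hits.append((name, "content is " + kind))
        elif name.lower().rstrip(". ").endswith(RISKY_EXT):
            # Trailing dots/spaces are stripped because Windows ignores them.
            hits.append((name, "risky extension"))
    return hits

def sample_message() -> bytes:
    """Constructed test message: one disguised PE, one real PDF, one .scr file."""
    m = EmailMessage()
    m["Subject"] = "Quotation request"
    m["From"], m["To"] = "sender@example.com", "user@example.com"
    m.set_content("Please see the attached documents.")
    m.add_attachment(b"MZ\x90\x00" + b"\x00" * 60, maintype="application",
                     subtype="pdf", filename="invoice.pdf")
    m.add_attachment(b"%PDF-1.4 sample", maintype="application",
                     subtype="pdf", filename="terms.pdf")
    m.add_attachment(b"not really a program", maintype="application",
                     subtype="octet-stream", filename="Order.PDF.scr")
    return m.as_bytes()

if __name__ == "__main__":
    for name, reason in executable_attachments(sample_message()):
        print(f"BLOCK {name!r}: {reason}")
```

A mail gateway or filter hook could call `executable_attachments` on each inbound message and quarantine anything it returns; archives and nested messages are not unpacked here and would need their own handling.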
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba