A new fraud scheme has been uncovered by cybersecurity researchers after members of the scam accidentally infected themselves with their own malware.
The “wire-wire” scheme was first discovered in February by researchers at security firm SecureWorks, a subsidiary of Dell. The scam is thought to have earned a group of around 30 to 40 Nigerians as much as $5 million per year by targeting businesses and individuals with malware.
Once a computer is infected by the malicious software, a screenshot of the computer is sent to a public web server every five minutes. The scam came to the attention of the researchers when one of the members mistakenly became infected with the malware, exposing the group and its victims.
“We’ve gotten unprecedented insight into the very nitty-gritty mechanics of their entire operation,” James Bettke, a researcher at SecureWorks, told IEEE Spectrum.
The scheme, detailed in a report presented at the Black Hat security conference in Las Vegas last week, is a more sophisticated version previously used by scammers called a Business Email Compromise (BEC).
BEC scams involve criminals impersonating executives using fake email addresses from internal corporate accounts. In contrast, the wire-wire scheme use malware to break into corporate accounts and secretly change the settings so that any correspondence is sent back to the criminals.
The scammers are then able to intercept emails at the point of transaction and change the payment instructions so that funds are diverted to their accounts. Victims only notice they have fallen victim to the scam when the money does not show up where it is expected to.
The group is currently being investigated by Interpol and the Federal Bureau of Investigation.