Suspected BEC gang arrested in Nigeria amid internet fraud crackdown efforts
Image: EFCC
Catalin Cimpanu March 22, 2021

Suspected BEC gang arrested in Nigeria amid internet fraud crackdown efforts

Suspected BEC gang arrested in Nigeria amid internet fraud crackdown efforts

Nigerian authorities arrested 18 suspects last week in the province of Ogun on internet fraud-related charges, including malware and business email compromise (BEC) attacks, officials told The Record today.

The suspects were arrested at the Remo Majestic Hotel in the city of Shagamu during a law enforcement operation that took place on Wednesday, March 17, 2021.

Besides the arrests, police officers also seized a large number of exotic cars, mobile phones, laptops, Wi-Fi, and modem devices, authorities said.

Recent crackdown against internet fraud groups

The arrests represent just the latest action of the Nigerian Economic and Financial Crimes Commission (EFCC) against internet fraud groups.

Nigerian authorities have increased efforts to go after internet crime groups in the past two years after pressure from law enforcement agencies abroad.

Known as “ya-ya boys” or “G-work” groups, many internet crime groups have been operating unhindered from the western African nation since the late 1990s.

Financial losses caused by these groups have skyrocketed in recent years after many gangs changed tactics from targeting individuals through classic Nigerian prince and romance scams in the 90s and 2000s to targeting the larger bank accounts of companies and government agencies with more complex malware and BEC operations in the late 2010s.

In an FBI report published last week, BEC scam attacks ranked as the top source of financial losses in internet-related crime for the third year in a row, with nearly $1.9 billion lost in 2020 alone.

According to a report published by cyber-security firm Agari in October 2020, around 50% of all BEC scam groups are believed to reside in Nigeria.

Its statistics like these that have pushed US and other international authorities to start targeting BEC groups and work with the EFCC to track down and arrest perpetrators, many of whom never bothered to even hide their identities, after having escaped prosecution for their crimes for almost two decades.

“EFCC has become more aggressive in recent years with arresting scammers in Nigeria,” Crane Hassold, Senior Director of Threat Research at Agari told The Record today.

Past operations included:

But in a conversation with The Record today, Hassold said that despite the increased activity from Nigerian authorities, the arrests have yet to put a dent in the number of cybercrime operators currently active in Nigeria, which the Agari exec estimated to be in the realm of thousands.

One way in which authorities could amp up their operations would be to go after money mules —the persons or groups who act as intermediaries in the illegal money transfers— which would create a choke-point in BEC attacks by reducing the options available to transfer stolen funds, Hassold said.

Catalin Cimpanu is a cybersecurity reporter for The Record. He previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement actions against hackers.