Traditional takedowns of cybercrime enterprises generally rely on court orders that facilitate either taking servers offline or sending the criminals malware that helps identify them or their locations. Sometimes, however, the technical option is second best.
Researchers at Dell SecureWorks shared details today at RSA Conference 2017 on their efforts to shut down a Nigerian scammer running a complex and profitable business email compromise and business email spoofing operation. The job required the researchers to gain the scammer’s trust, speak his language, learn his tradecraft as well as he knows it, and frustrate him to the point where he turns tail because the cost of doing business becomes too great.
“It’s interesting how they are very specialized; this looks nothing like other types of scams associated with Nigerian fraud. These guys are seeking out people looking for business loans on forums used by investors,” said researcher Joe Stewart. Stewart said the fraudsters targeted executives in a number of industries, including oil and health care.