Three individuals have been arrested in Nigeria after a cybercrime task force comprised of INTERPOL, Nigeria policeForce, and Group-IB tracked them and their attacks. This group of individuals specialized in business email scams, where they would pretend to be an executive or manager in need of an immediate “favor” from their mark. Like most spear-phishing attacks, these individuals relied on a significant amount of research and interaction with both their mark and the individual they would be impersonating, as their attacks relied on being able to pass a cursory inspection.
These types of phishing campaigns rely on the natural inclination of an individual to respond to an urgent request from someone they believe in a position of power over them as it provides an additional level of screening. Nobody wants to risk their job by angering their manager or an executive, and when combined with the urgency of the message and its seeming legitimacy you get a powerful recipe to make someone overlook indicators which they would normally catch.
This group would also create websites targeted to both their mark and target designed to draw them in and allow them to gather information or their credentials if possible – an email from an executive is much more convincing if it actually is coming from their email address. INTERPOL has announced that while this initial arrest was considered a success, they are aware of multiple sub-groups whose members are still at large.