Nigerian scams and those coming out of Eastern Europe (the Former Soviet Union countries or FSU) have 3 goals:
- Identity Theft
- Financial theft – both directly from accounts and from bogus fees (Advance Fee Frauds)
- To involve the unwitting victim in laundering money
Of all the Nigerian/FSU schemes involving counterfeit drafts and money laundering, the most pernicious is
the Payment Processing Scam because its very complexity allows for the manipulation of several victims
and their personal and financial information at once.
Personal and financial information is used to open bank accounts; register fraudulent web sites; open
eBay accounts to sell non-existent merchandise; purchase [throwaway] pre-paid cell phones; post fake
Classified Ads; and engage in other illicit activities. Scammers use copies of passports, driver’s
licenses, national identity cards, and visas as fake proof of who they are in email scams. Most of all,
the information is sold and resold to information buyers and sellers across the globe.
Personal information is stolen from Nigerian/FSU victims as a matter of course.
Selling stolen personal and financial information is a lucrative business, one that Nigerian/FSU scam
groups are not about to overlook.
Few people realize that it requires only cursory personal information in order to uncover Social Security
Numbers and property assets using different detection tools readily available on the Internet. This
information is sold over the Internet, sometimes on web sites that specialize in the sales or auctions of
personal information and credit cards or through the Black Market stolen information network.
Worst of all, the general understanding about Identity Theft is that you are safe if you have poor credit.
This is not true. There are many short-term uses for stolen identities. They are bought by illegal aliens,
drug runners, felons, and fugitives. They are used by those who already have two counts on their record but
persist in shoplifting, reckless driving, theft, or selling drugs. It is not very difficult to get a local
driver’s license with minimum identification.
Phishing emails and sometimes scam emails contain RATware patterns. The RATware may be contained in an
image or may be directly embedded in the email’s HTML. A RAT is a computer virus that allows remote log
in by a hacker to the victim’s computer where he can gather passwords and usernames, credit card information,
online banking information, e-mail address books, watch the Internet activities of the computer user in real
time, and order checks / transfer funds from the user’s online bank accounts and PayPal accounts.
Keyloggers make note of each keyboard stroke, gathering usernames and passwords. Ordinary malicious spyware
can delve into every corner of a computer’s hard drive and gather all Internet activity from cached files.
Malware can be auto-downloaded from web sites that have no idea that malicious code has been embedded on
their pages. Video, game, and music downloads often come with spy ware that is harmlessly used for marketing
purposes, and sometimes spy ware that is malicious.
Few people have any understanding of security software, how it works, how to operate it, and what security
software they should have and not have on their computer. At Fraud Aid we have found that fraud victims
may have installed multiple firewalls, negating all installed firewalls, and more than one anti-virus, which
can render all the installed anti-virus programs useless. Or, they have not installed any security software
at all.
The popular misconception is that anti-virus and anti-spy ware programs are pro-active; however, security
programs are reactive, meaning that a preventive measure for a new (zero-hour) worm, virus, or spy ware is
not configured until after it hits the Internet. Those hit with zero-hour malware may have little or no
protection at all. For this reason, manually running software security programs at least once a week in
addition to automated updates are vital components of computer security.
Financial information is stolen from personal computers, companies, banks, and government disbursement agencies.
Social engineering of disgruntled or dismissed employees is one method of obtaining financial information
from within banks, corporations, and government disbursement agencies, or to obtain blank check or money
order stock. Relationship scams are used for this purpose; threats of violence to a target or members of
the target’s family is another method; and yet another is blackmail by watching a target’s perhaps unsavory
Internet activity or email evidence of an affair.
Hacking into intranet computers is a popular form of obtaining electronic financial information, especially
if those computers are connected to other agencies or companies. Dumpster diving, physical theft of credit
cards and checkbooks, fake fronts on ATM machines, palm swipers, double-swiping by running a credit card
through an under-the-counter magnetic strip reader, phishing, fake online loan applications, stealing checks
from mailboxes, all of these and more are used to collect financial information.
Nigerian/FSU scam groups needed to find a way to directly profit from all the financial information they
were gathering. The scam groups could not transfer the money straight to themselves without risking
exposure; therefore, the counterfeit draft and money laundering schemes were developed which use using
unwitting victims who are generally ignorant of financial processes and quick to follow orders as a means
of putting distance between the scam groups and the source of the money.
