Scam of the day – August 24, 2016 – Nigerian cybercrime ringleader arrested

It was recently announced that Interpol and Nigerian law enforcement, in a cooperative effort, arrested a Nigerian man considered by Interpol to be the mastermind behind a network of forty cybercriminals operating in Nigeria, Malaysia and South Africa who had been perpetrating Internet fraud and cybercrimes throughout the world.  Estimates of the amount of money stolen by these cybercriminals is as high as sixty million dollars.  Two of the primary scams operated by these criminals were the CEO email fraud and the business email compromise.  I have written about both of these scams in previous Scams of the day. In the CEO email fraud, the scammers hack the email account of a CEO or other corporate executive and then send an email to someone who handles payments for the company, requesting funds be wired into an account controlled by the scammers.  In the other scam, it is the email account of a business is hacked and an email containing a bill is sent to one of that business’ legitimate customers with instructions to wire the money to an account controlled by the scammers.  Earlier this year the FBI in a warning about these types of scams said that over the last couple of years, these scams have cost companies billions of dollars.


Both of these scams are both sophisticated and quite simple.  They also are relatively easy to defend against.  Hacking an email account is not a terribly difficult thing to do so, whenever an email appears from someone in a corporation requesting that money be wired anywhere, a simple security measure to take is to not send any payment until the legitimacy of the transaction has been confirmed by phone or text message.  As for bills from companies with which you do business, the key thing is to not only confirm the accuracy of bills before payments are authorized, but also to confirm the accuracy of the bill before sending out such checks particularly by way of wire transfers to make sure that they are being sent to the bank account to which funds have been legitimately sent in the past.  If the funds are being requested to be sent to a new or different bank account, the legitimacy of the billing should be confirmed before any payments are made.

Scam of the day – November 24, 2013 – Phony Yellow Pages scam

The Federal Trade Commission recently got an injunction stopping the operation of a scam based in Montreal, Canada, but aimed at American businesses and churches involving phony online business directory listings.  At the time that the FTC acted, the scammers, Mohamad Khaled Kaddoura, Derek Cessford and Aaron Kirby as well as the fifteen companies under which they operated had stolen more than fourteen million dollars from unsuspecting victims.  The scam would start with a phone call in which the scammers said that they were verifying contact information to update or confirm existing directory listings.  Other times they said that they were calling to verify information for cancellation of a listing.  In every instance, these were total misrepresentations because the businesses and churches called had no previous relationship with the callers.  The calls were then followed up with bills averaging about $500.  When the victims complained, the scammers played back portions of the initial telephone calls that made it sound like they actually did purchase the listing services.  If the victims still refused to pay, the then received calls purporting to be from collection agencies threatening legal action.


Never provide information to anyone over the phone or in response to an email or text message unless you are absolutely sure that the person contacting you is legitimate and they have a legitimate need for the information you are providing.   In this case,  people receiving the original call should have refused to provide any information until they had verified that their company or church actually had an account with the caller, which, of course they did not.  Had they taken this simple step rather than provide information to someone they did not know, they could have avoided much trouble.  This is a valuable lesson for all of us.  Scammers will often sound legitimate, but being aware of that, you should always decline to provide information to anyone who contacts you until you have absolutely verified that the call is legitimate and the need for the information is legitimate.