Nigerian phishing emails have become a joke.
But while there has long been a high volume of low-level Nigerian phishing scams that target indiscriminately, there are also many sophisticated threat actors operating in Nigeria. These actors target executives and businesses in spear phishing campaigns that use an external email account to spoof communications from legitimate sources, or hijack an official account to intercept payments and transactions. Far from being a laughing matter, these methods have inflicted billions of dollars of damage on businesses worldwide.
So it’s especially satisfying to beat these actors at their own game. In this case study, SecureWorks® Counter Threat Unit™ (CTU) researchers spotted a spear phishing email from a Nigerian threat actor targeting a large U.S. business. CTU researchers started a conversation with the threat actor, playing the role of willing victim. By employing advanced social engineering techniques back at the threat actor, CTU researchers obtained a frankly surprising amount of personal information about the adversary, including a number of bank accounts, as well as Facebook and WhatsApp handles. As it turns out, even the social engineers can be duped by their own tricks.
Secureworks calls this tactic offense-in-depth. The primary goal is to uncover personal information about the criminal and cause as much damage to their operation as possible. This means forgoing simple takedowns of infrastructure, which can be quickly replaced, in favor of longer-lasting and more damaging measures.