The recent sentencing of two Nigerian nationals, Soloman Ekunke Okpe and Johnson Uke Obogo, yet again has drawn attention to the pervasive nature of online scams and the devastating impact on unsuspecting victims.
For over six years, the two Nigerian scammers were able to rake in an astounding sum of nearly $1 million through their elaborate schemes, spanning various fraudulent methods such as phishing emails and romance scams.
“Solomon Ekunke Okpe, 31, of Lagos, and his co-conspirators devised and executed business email compromise (BEC), work-from-home, check-cashing, romance, and credit card scams…,” a Department of Justice news release read.
The Cyber Express went through the details of the operation, and many more of similar nature, to find certain common threads of the same color.
Online scams: The common patterns
In this case, the group crafted special emails before sending them to targets for the best results. The sentenced scamming duo engaged in criminal activities between December 2011 and January 2017. They targeted First American Holding Company and MidFirst Bank.
The basic premise of the scam is that the scammer contacts the victim via email, social media, or other online platforms, claiming to have a substantial amount of money tied up in a legal or bureaucratic issue.
They often present a story involving political instability, inheritance, or funds trapped in a bank account. The scammer then requests the victim’s financial assistance to help transfer the funds out of the country in exchange for a share of the money.
To make the scam seem legitimate, the scammer may provide forged documents, use official-sounding language, and create a sense of urgency or secrecy. They may also request personal and financial information from the victim, such as bank account details, in order to facilitate the supposed transfer.
However, once the victim becomes involved and sends money or provides personal information, the scammer continues to make further requests, citing unexpected fees, legal complications, or other hurdles that require additional payments.
This cycle can continue until the victim realizes they are being scammed or runs out of money.
Online scams: Common modes of operation
Okpe and Obogo, the cybercriminals who operated out of Nigeria and Malaysia, used a variety of techniques to cheat users. Business Email Compromise (BEC) was one of them that according to a 2021 report led to more losses than other mechanisms of online scams.
BEC is different from phishing emails in a way that it’s used to target businesses. While phishing emails are sent to any users of the Internet. BEC scams have led to severe losses to companies of all sizes.
Phishing emails – Soloman and Johnson first stole login data using phishing emails. They then hacked users’ accounts and stole their system data. They were also found impersonating others who appear legitimate and credible to targets.
Spearphishing – Okpe and his fellow conspirator would use spear phishing to target specific individuals from various walks of life be it work-from-office, work-from-home, job seekers, love-sick individuals on dating websites, etc. Spearphishing
Impersonation for fraud – In their crimes, they duped individuals, banks, and businesses. They used stolen credit cards and assumed fake identities to pass as trusted individuals and made wire transfers to banks.
Fraudulent employers – In other instances, the scamming Nigerian duo pretended to be employers on job websites and forums and targeted jobseekers from Arizona and other places. They offered illegitimate jobs to individuals seeking remote work opportunities and in turn tricked them to help the scammers with their fraudulent activities.
Individuals were asked to create bank accounts that would instead help the Nigerian online scammers transfer money among themselves.
Romance scams – Using fake accounts, online scammers duped individuals on dating websites. Speaking about the same, the DoJ news release read, “Okpe and his co-conspirators additionally conducted romance scams by creating accounts on dating websites, feigning interest in romantic relationships with individuals under fictitious identities, and causing these victims to transfer their money overseas and/or receive money from wire-transfer scams.”
Although several victims of the online scammers have been identified by the FBI, others were requested to contact the Victim Witness Section at the U.S. Attorney’s Office for the District of Arizona using the email – [email protected]
With this scam, the online fraudsters managed to walk away with tens of thousands of dollars.
Although the Department of Justice released the news report on March 27 for the Nigerian online scammers, similar scammers are on the loose duping unsuspecting individuals.
Noticing the increasing number of online scams and frauds, the Federal Trade Commission has been sending regular updates to subscribers.
The alerts with details about the kind of fraud, preventive measures, and reporting methods can be found here – Consumer Alerts from the Federal Trade Commission.
Common online scams to be avoided –
- Medicaid scam – “When big changes affect millions of people, scams will follow,” the report for the Medicaid scam page read. Scammers in this fraud targeted individuals who were looking for renewing their enrolment in the state Medicaid agency. They asked for details and/ or money over the phone or other online messages.
- Job scam – Here, job seekers were shown real however now closed job offers on employment websites. They made accounts on LinkedIn, and Indeed among others to have job seekers share their personal data, mostly through their resumes.
- Subscription scam – Users would be sent subscription messages for items they did not apply for. Users were sent pending payment details.
- Immigrant scam – “When there are big changes that lead to confusion, scammers prosper,” the FTC alert about this scam read. Here, scammers impersonated lawyers who offered to help with immigration. Often they charged for immigration forms that were available for free. Hence it is important to read government websites on similar needs instead of going to local lawyers, online forums, or individuals for help.
First defence against online scams: Get the password right
It is essential to practice good cyber hygiene to avoid threats and online scams. Having a strong password that is not 6 or 8 characters long is a basic necessity while creating a password.
Hackers can use tools to guess small passwords especially those that are often set as default ones or those that are easy to remember.
“According to a 3TB database of passwords spilled in security incidents, the most popular password across 30 countries was, you guessed it, “password”. Second most common pasword was “123456”, followed by the slightly longer “123456789.”
Such passwords do not take more than a few seconds to crack, a report by We live security concluded. The above samples can be used to create one’s own passwords with a different combination of letters, numbers, and special characters.
The weakest link, and ironically the strongest defence, is the awareness level of the targets.
How do online scams hoodwink us?
Emotional manipulation: Scammers skillfully exploit emotions like greed, fear, compassion, or urgency. They create compelling stories that appeal to victims’ desires for financial gain, personal connections, or assistance in difficult situations. By playing on these emotions, scammers cloud victims’ judgment and make them more susceptible to manipulation.
Trust and authority: Scammers often present themselves as trustworthy individuals or organizations. They may claim to be representatives of well-known companies, government officials, or authoritative figures. This deception makes victims more inclined to believe the scammer’s claims and follow their instructions.
Lack of awareness: Many people are not fully aware of the tactics and techniques employed by scammers. They may be unfamiliar with the prevalence and sophistication of online scams, which makes them more vulnerable to deceptive schemes.
Social engineering: Scammers leverage psychological tactics to exploit human behavior and decision-making processes. They employ techniques such as building rapport, creating a sense of urgency, or instilling fear to manipulate victims into taking the desired actions.
Cognitive biases: Our brains are susceptible to cognitive biases that scammers exploit. For example, the “authority bias” leads us to trust individuals in positions of authority, even if they turn out to be fraudulent. The “scarcity bias” makes us more likely to act impulsively when we believe there is a limited opportunity or fear missing out on potential gains.
Lack of information or education: Some individuals may lack sufficient knowledge or understanding of online scams, cybersecurity best practices, or the risks associated with sharing personal information online. This lack of awareness increases their vulnerability to scams.
Desperation or financial struggles: Scammers often target individuals facing financial difficulties or desperate situations. Such individuals may be more willing to take risks or believe in seemingly lucrative opportunities that promise financial relief.