Interpol Nabs Nigerian Man Behind Massive Email Phishing Campaigns

pcmag.com:

Interpol says(Opens in a new window) it’s identified the head of a Nigerian cybercrime gang responsible for launching phishing email attacks on four continents. 

Interpol arrested the 37-year-old Nigerian man with the help of local police in his country and IT security firms, including Palo Alto Networks, Group-IB, and Trend Micro. The unnamed man allegedly orchestrated phishing attacks and business email compromise schemes targeting thousands of companies and individual users, according to Group-IB. 

Interpol didn't get into specifics, but the agency had enough intelligence to “map out” the Nigerian man's online activities. Both Group-IB and Palo Alto Networks were even able to uncover the suspect's social media activity. 

Palo Alto Networks added it was able to identify 240 internet domains the Nigerian man allegedly used in his phishing schemes. “Of that number, over 50 were used to provide command and control for malware. Most notably, this actor falsely provided a street address in New York City associated with a major financial institution when registering his malicious domains,” the company wrote in its report(Opens in a new window). 

This means the suspect sent phishing emails to victims loaded with malware. Palo Alto Network said the malware programs included LokiBot, Pony, and ISR Stealer, which are capable of stealing passwords from computers.  

The goal behind such phishing attacks is usually to loot funds from the victim. By capturing login credentials, a hacker can engineer ways to drain money from a person's online banking accounts. Business email compromise schemes, on the other hand, often involve impersonating a company's CEO and then tricking staff into wiring funds to a hacker-controller bank account.