On Thursday, CYBERSECURITY firm, Agari, detailed a newly discovered Nigerian email scam team, dubbed “Scattered Canary,” composed of dozens of members.
Unlike with criminal hackers and espionage groups, there is not as much research into the taxonomy of actors in email fraud, but since it can siphon off as much as $2 billion each year, it’s a threat worth understanding.
Agari won’t publicly discuss its methods for gaining intelligence on Scattered Canary. But given methods they’ve used to detail similar groups in the past, which were only shared with Axios under the condition that they not be included in stories, they have extensive visibility on how a group operates, who is involved and their criminal history.
“We have a 10-year look on how this developed from a single individual into a group that comprises at least 35 people that we know of,” Crane Hassold, senior director of threat research at Agari, told Axios.
Scattered Canary started as a small-time operation in 2008 — a single actor dubbed “Alpha” running Craigslist scams with the help of a more seasoned mentor, dubbed “Omega.” The tandem committed 419 total Craigslist scams, averaging $24,000 in profits.
Alpha is currently engaged and has three kids. In 2010, he began running romance scams, extorting money from victims and using them to do menial tasks in other scams, such as opening bank accounts.
In 2015, Alpha started scamming corporations and began hiring additional employees.
Like other groups, Scattered Canary uses commercial lead generation services to compile lists of potential victims.
ALSO READ:Buhari receives report on political situation in Benin Republic
Since 2017, the group has perpetuated several fraudulent attacks on the U.S. government, including filing 13 tax returns and 11 Social Security benefit applications. It’s also filed applications for Texas unemployment benefits under nine identities and applications for FEMA disaster assistance under 3 identities.
Hassold said: “I’m worried about what happens when the Eastern European, Russian and Southeast Asian groups realise, ‘Why are we spending so much money on infrastructure and paying developers to develop malware when we could just send an email to someone, ask them to send us money and they’ll do it?”