
How To Scam - The Adventures of Uche, Okiki and HawkEye

 

Uche and Okiki are two Nigerian nationals well versed in the art of infiltrating business supply chains and diverting money into their own accounts. Their preference is to target small businesses located in emerging markets. Their modus operandi is to steal information by way of communication intercepts. The two are known to make use of HawkEye in order to backdoor their victims.


HawkEye is a keylogging program that allows for advanced keystroke monitoring. Not only does it record what the user has typed, it also recovers passwords saved in browsers, including ones the user may have forgotten. HawkEye can be purchased online for just $35 (with the option of paying via bitcoin) and is frequently delivered by email as an attached .exe or ZIP file that purports to come from a legitimate business contact.

The stolen information enables Uche and Okiki to move up and along the supply chain of the companies that they infiltrate. They are then able to divert funds to accounts that they control. Whilst some operatives elect to sell stolen data as soon as they acquire it, our Nigerian operatives are more patient.

Uche and Okiki's exploits prove that the size of the enterprise is not what makes for an attractive target. Rather, everyone is a potential target - they go where the opportunity is.


Here are some key steps taken by our duo:


1. Register/Create multiple email addresses, with names closely related to the target industry. Uche is known to have created over 200 emails for his social engineering endeavours. Google, Yahoo, Yandex, Live or Mail.ru services will suffice.




2. Send emails to the target business, purporting to be from legitimate business contacts. Lure the victim in with promises of future transactions.




3. Use upcoming public holidays to raise urgency and speed up potential transactions.


4. Encrypt malware, especially when using commercially available programs such as HawkEye. While some cybercrooks encrypt their own programs, Uche prefers to use a ready-made encryption tool called DataScrambler.




5. Use a counter-AV service to ensure that the malware will slip through. Samples scanned on counter-AV websites are not shared with the AV vendors, giving the cybercriminals more time to infect machines. Uche is known to use Scan4You, RazorScanner and No Distribute.




6. There are many tools available that allow scammers to send bulk emails to initiate contact with potential victims. Advance Mass Sender is the preferred choice of some; others use PHP scripts.



