September 9, 2013

A crude but effective online service that lets users deploy keystroke logging malware and then view the stolen data remotely was hacked recently. The information leaked from that service has revealed a network of several thousand Nigerian email scammers and offers a fascinating glimpse into an entire underground economy that is seldom explored.

The login page for the BestRecovery online keylog service.

The login page for the BestRecovery online keylog service.

At issue is a service named “BestRecovery” (recently renamed PrivateRecovery). When I first became aware of this business several months ago, I had a difficult time understanding why anyone would pay the $25 to $33 per month fee to use the service, which is visually quite amateurish and kludgy (see screenshot at right).

But that was before I shared a link to the site with a grey hat hacker friend, who replied in short order with the entire username and password database of more than 3,000 paying customers.

Initially, I assumed my source had unearthed the data via an SQL injection attack or some other  database weakness. As it happens, the entire list of users is recoverable from the site using little more than a Web browser.

The first thing I noticed upon viewing the user list was that a majority of this service’s customers had signed up with yahoo.com emails, and appeared to have African-sounding usernames or email addresses. Also, running a simple online search for some of the user emails (dittoswiss@yahoo.com, for example) turned up complaints related to a variety of lottery, dating, reshipping and confidence scams.

The site was so poorly locked down that it also exposed the keylog records that customers kept on the service. Logs were indexed and archived each month, and most customers used the service to keep tabs on multiple computers in several countries. A closer look at the logs revealed that a huge number of the users appear to be Nigerian 419 scammers using computers with Internet addresses in Nigeria.

The seriously ghetto options page for BestRecovery web-based keylogger service.

The seriously ghetto options page for BestRecovery web-based keylogger service.

Also known as “advance fee” and “Nigerian letter” scams, 419 schemes have been around for many years and are surprisingly effective at duping people. The schemes themselves violate Section 419 of the Nigerian criminal code, hence the name. Nigerian romance scammers often will troll online dating sites using stolen photos and posing as attractive U.S. or U.K. residents working in Nigeria or Ghana, asking for money to further their studies, care for sick relatives, or some such sob story.

More traditionally, these miscreants pretend to be an employee at a Nigerian bank or government institution and claim to need your help in spiriting away millions of dollars. Those who fall for the ruses are strung along and milked for increasingly large money transfers, supposedly to help cover taxes, bribes and legal fees. As the FBI notes, once the victim stops sending money, the perpetrators have been known to use the personal information and checks that they received to impersonate the victim, draining bank accounts and credit card balances. “While such an invitation impresses most law-abiding citizens as a laughable hoax, millions of dollars in losses are caused by these schemes annually,” the FBI warns. “Some victims have been lured to Nigeria, where they have been imprisoned against their will along with losing large sums of money. The Nigerian government is not sympathetic to victims of these schemes, since the victim actually conspires to remove funds from Nigeria in a manner that is contrary to Nigerian law.”

Oddly enough, a large percentage of the keylog data stored at BestRecovery indicates that many of those keylog victims are in fact Nigerian 419 scammers themselves. One explanation is that this is the result of scammer-on-scammer attacks. According to a study of 419ers published in the Dec. 2011 edition of Cyberpsychology, Behavior, and Social Networking (available from the Library of Congress here or via this site for a fee), much of the 419 activity takes place in cybercafes, where “bulk tickets are sold for sending spam emails and some systems are dedicated to fraudsters for hacking and spamming.”

The keylog records available for the entries marked "Yahoo Boys" show that Nigerian 419 scammers were just as likely to use this service as to be targets of it.

The keylog records available for the entries marked “Yahoo Boys” show that Nigerian 419 scammers were just as likely to use this service as to be targets of it.

Perhaps some enterprising Nigerian spammers simply infected a bunch of these cybercafe machines to save themselves some work. It is also possible that vigilante groups which target 419 scammers — such as Artists Against 419 and 419eater.com — were involved, although it’s difficult to believe those guys would bother with such a rudimentary service.

BestRecovery gives customers instructions on how to use a provided tool to create a custom Windows-based keylogger and then disguise it as a legitimate screensaver application. New victims are indexed by date, time, Internet address, country, and PC name. Each keylogger instance lets the user specify a short identifier in the “note” field (failing to manually enter an identifier in the note field appears to result in that field being populated by the version number of the keylogger used). Interestingly, many of the victim PCs have a curious notation: “Yahoo Boys”.

Keylog data apparently collected from a Yahoo Boy.

Keylog data [partially redacted] that was apparently collected from a Yahoo Boy.

BLACK HAT OR BLACK MAGIC?

As noted in the above-mentioned academic paper (“Understanding Cybercrime Perpetrators and the Strategies They Employ in Nigeria”), the term “Yahoo Boys” is the nickname given to categories of young men in Nigeria who specialize in various types of cybercrime.  According to that paper, in which researchers spent time with and interviewed at least 40 active Yahoo Boys, most of the cybercrime perpetrators in Nigeria are between the age of 22 and 29, and are undergraduates who have distinct lifestyles from other youths.

“Their strategies include collaboration with security agents and bank officials, local and international networking, and the use of voodoo [emphasis added]. It was clear that most were involved in online dating and buying and selling with fake identities. The Yahoo boys usually brag, sag, do things loudly, drive flashy cars, and change cars frequently. They turn their music loud and wear expensive and latest clothes and jewelry. They also have a special way of dressing and relate, they spend lavishly, love material things, and go to clubs. They are prominent at night parties picking prostitutes at night. They also move in groups of two, three, and four when going to eateries. They speak different coded languages and use coded words such as “Mugun,” “Maga,” and “Maga don pay,” which all means “the fool (i.e., their victim) has paid.”

I had never heard that Nigerian 419 scammers relied on voodoo to increase their email mojo, and I must admit the next part of the study freaked me out a little bit.  According to the researchers, the use of voodoo and charms for spiritual protection and to charm potential victims is very common among Yahoo Boys in Nigeria, and is referred to as “Yahoo Plus.” But wait, there’s more. From the paper:

“Another level of this is referred to as ‘Yahoo Plus Plus,’ which…. involves the use of human parts and may need kidnapping other human beings for rituals, which is not necessary in ‘‘Yahoo Plus.’’ In Yahoo Plus Plus, the use of things such as their finger nails, rings, carrying of corpses, making incision on their body, sleeping in the cemetery, citing of incantation, using of their fingers for rituals, and having sex with ghosts are common. A few of the informants, however, denied that they use voodoo in the business, whereas others affirmed their use of voodoo.”

While many of the victims of this keylog service appear to be 419 scammers, I found that just as often an account was apparently being used to keep tabs on trusting Americans who were being duped into sending money overseas, either in pursuit of some stolen riches or — more often — in hopes of finally meeting someone they had only met online. Often when I reviewed logs chronicling some sad situation in which a woman or man in the United States was apparently the victim of a romance scam, the identifier in the “note” field of each keylog record was “picture.” It seems clear that these romance scammers are infecting their bogus sweethearts by disguising the keylogger as pictures of themselves.

The other pattern that became evident after reviewing all of this BestRecovery user data was that roughly ten percent of the user email addresses were tied to active Facebook accounts. As might be expected, a lot of those accounts used aliases — my personal favorites being “MoolahGroup Nigeria” and “Unscrupulous Buccaneer.”  Still other accounts that were tied to legitimate, personal Facebook pages. Nearly all of them who listed their location were users in Lagos, Nigeria or Kuala Lumpur, Malaysia (with the exception of accounts apparently set up to assist in dating scams).

YB-John-PC

I put together the following slideshow, which displays just some of the Facebook profiles used by the most active customers of this keylog service.  The music for this photo montage was taken from the 419 apologist video called, I Go Chop Your Dollar, which apparently is well-known in 419 scammer circles and explains that 419 scams are “just a game,” and that everyone plays them.

The lyrics to the song are, in part:

419 no be thief, it’s just a game
everybody dey play ’em
If anybody fall mugu [fool]…
Ha! my brother, I go chop dem

Oyinbo [white] man, I go chop your dollar
I go take your money and disappear
419 is just a game
You are the loser, I am the winner

In any case, it’s likely there will be a whole line of Krebs-themed voodoo dolls somewhere in Lagos not long after this story runs. Stay tuned for the next piece in this series on 419 scams, which examines the connections between and among the 280 or so Nigerian users of this service who had Facebook accounts.

bk-voodooOne final note: It took a crazy amount of time to pore through all this data and to do so many Facebook lookups. It would have taken an eternity, had it not been for the help of Damon McCoy, assistant professor of computer science at George Mason University (my alma mater). McCoy and his band of willing grad students agreed to help with the laborious work of conducting thousands of Facebook account lookups, and then finding new Facebook accounts to do more lookups when Facebook suspended accounts for conducting too many lookups (the threshold seems to be around 50 lookups before Facebook locks an account for 24 hours). I’d also like to recognize the work of KrebsOnSecurity reader Patrick Madigan, who helped with lookups and with some of the research that will feature in the next story in this series.


110 thoughts on “Spy Service Exposes Nigerian ‘Yahoo Boys’

  1. bbird

    You are the only one that presents this information in a concise, easy to read manner. Thanks for all the articles.

  2. femtobeam

    Great Work Brian! You are just amazing. I laughed with glee at this detective work and story.

    Get the Yahoo Boys, Brian! There is much more to this than a game. I see from Google searches that several people who were scammed and lured to Nigeria were also murdered there. It is a State sponsored, criminal enterprise and a Rico mob as well.

    It would be great if the stolen photos they use could be traced via face recognition to their true owners to help clear their names.

    (It appears the “Krebs Club” of Men and Women) have put a spell on the Yahoo Boys instead. 😉 Phenominal!

    I look forward to reading the next segment.

      1. femtobeam

        According to articles all over the Internet about Nigerian scam operations, the money from the scam industry there is second only to oil for their Gross National Product. Clearly, the Nigerian Government is not prosecuting these criminals, but is part of the corruption.

        Sources:

        Wikipedia 419 Scams

        http://www.419eater.com/html/links.htm

        http://www.safety-security-crazy.com/nigerian-scams.html

        http://www.techrepublic.com/blog/it-security/the-truth-behind-those-nigerian-419-scammers/

        1. bbird

          I like when someone calls someone a moron, and when the supposed moron responds in a less than moronic way, the name caller ignores it. Oh, well.

          1. simon

            hmm, where did u get that info from? do some proper research on the Nigerian economy before continue posting trash here. How are u insinuate that the money from scan is only second to that of oil in terms of contributing to the GNP? people like you make me sick with your illitracy!

        2. Jay

          Lol…calm don. LOLLL at 419 scams bringing any significiant amount of revenue into the country, thats hilarious. Bullshit but hilarious. The useless goverment and police force does nothing about it, but just because they are useless like that. Sigh

        3. Hans

          This is why I call the country – Scamgerian…

          Nice info, Fermtobeam…!

          Size, reduced in size…

  3. Elizabeth

    Thanks Brian,
    I’m one of the victims of 419 scams. I wrote to you in 2011 about it, when I found your blog. Since then, I’m regular subscriber to your posts and learning a lot from it.
    Thank you so much.
    I can confirm, all what you wrote.

    Yes, Yahoo is preferable site for Nigerian 419 scammers.

    Keylogger was installed on my laptop, using link to install “funny emoticon”. To this day, I keep conversations history, can find you a link was used, if this matters to you. When it happened, I was completely new to computers, nevertheless realized right away, that something was wrong, when everything on my laptop started to open on their own. I took it to Geek Squad to be formatted again. Scammers tried same trick few more times.

    About using voodoo, yes they do using it, and is working.
    I felt like under spell, not being self, with feelings, that I have to send money. And,… I was sending money knowing, or suspecting that they are scammers, at the same time praying for them, and for myself to stop that circle.
    And help came, after I received visit from Homeland Security. Only after, I was able to recover myself from that spell. It took about 2 months to clear myself from it, 2 month of hell, spiritual darkness, confusion, and reality hit me how much I lost.
    Only victims knows the feelings, by others they are seen only as foolers, gullible foolers.

    Four months later came another attack from scammers. This time, came under excuse of recovering my money, but I was free from spell, taught myself about methods they using.

    First time connection was from Lagos, second time Kuala Lumpur and Ghana.

    Thank you Brian again, and thanks to all who helped you, on behave all innocent victims. I’ll forward your post to some victims I have contact with to this day. Sincere Elizabeth

    1. -B

      “Hokey religions and ancient weapons are no substitute for a blaster at your side.”

      Thanks for being one of our blasters, Brian.

      Meanwhile, Liz, look to yourself for your naivety; don’t blame it on external buga buga fakeries.

      1. CooloutAC

        nothing is the users fault nowadays anymore tough guy. welcome to 2013 where soon the internet will be policed like real life whether you like it or not.

  4. J

    I haven’t responded to a 419 for years. But I think it was back in the late 1990s when I responded to a 419 scam in this manner (paraphrasing myself):

    “I am a powerful American. If you don’t stop your illegal activity, you will stop earning money, and if you cross a wooden bridge, your penis will fall off, turn into a poisonous snake and bite you! Then I will turn you into a goat. It is done! Be good.”

    I think I got the idea from reading an article about superstition there.

    Since then, I’ve come to know some Nigerians in the U.S.: one has a PhD in the social sciences from a very prestigious U.S. university and the other has a masters in engineering from an esteemed engineering dept at a famous U.S. university. The PhD told me she believed that a white man came to her village in Nigeria (she doesn’t like that name, btw) to build a bridge, after which he turned into a goat, jumped into a river and swam away. “Many people saw it!” she claimed. The engineer told me he believes in similar supernatural occurrences, especially involving people turning into goats. They’re both very smart, so I never even murmur and chalk it up to religious-like beliefs.

    The prevalent witchcraft fears in Nigeria and other parts of Africa harken back to similar fears in the early English colonies in North America: English colonists believed and feared all sorts of witchcraft, and all sorts of hysteria reared its head along with whacky laws forbidding odd witchy things.

    I never heard back from that 419 scammer, but since then I haven’t responded.

  5. Chris Thomas

    A wonderful insight about some aspects of male African culture. Phew!

    1. SpringTimeIsHere

      This is not at all part of the the “male African culture”(whatever that means). They are just scammers, like scammers you’d find anywhere else.

      1. Neej

        I would disagree having watched several documentaries about African scammers, it is a part of the culture of the participants and others whether you find the behavior disagreeable or not.

        This is not to say that all African culture is like this of course.

        1. SpringTimeIsHere

          Well, you’ve taken the wrong message from the documentaries then.

          419scammers are no more part of “male African culture”(a phrase that already shows misunderstanding) than “My mom makes $92/hr from home with freeyourfamily1763.com.org.edu.co.tv” is part of “male American culture”

          1. Neej

            Well I trust you noted that I said of the participants and others and not the perhaps too broad “African male culture” then.

        2. CooloutAC

          when it comes to cybercrime, they are just the black market everyone in the world does business with. It really is a full circle. from China to Russia to Nigeria man. equipment to credit cards to goods….

        3. peter

          It is not part of african culture. It is bad and we africans know it is. But poverty and illiteracy are the root cause of these Plus a failed education system where people dont learn anything useful in school, So they end up seeing crime as the only alternative to making a living.

    2. Tosin

      It is not a male african culture. You need to mind what you say. These incedence happens everywhere but it is more common and publicised in one place/continent than another. Remember that good things also come from africa;in terms of academic,research,entertainment and so on so yo should not completrly condem us. I belief one day, nigeria and africa will overcome its challenges.it is a matter of time؛

  6. george

    Ha !
    Those voodoo dolls featuring you surely will get highly collectible. I’ll get in line for one ! 🙂
    Nice initiative to write about 419 scammers, the information about the scam is out there on other, more obscure, sites but obviously many people still fall for it. Your site features is SE optimized and hopefully some of the victims having doubts will find it after a short search and understand what they are getting themselves into. I’m following websites of people determined to make the 419 scammers “jobs” more difficult and it pains me to see that while 10 years ago greed was used as a hook while now humanitarian aid pretenses or romance seem to be the standard scam. Taht makes the crime twice as monstrous.

  7. Cliff

    From experience, there is a pool of Yahoo lads who are into voodoo, threatening curses etc., whilst still claiming to be ostensibly Christian.

    These curses have more effect on anyone who believes them, of course, and it was always the way in Nigeria as far as I can tell. My grandfather came back from WW2 where he was in Nigeria for a long stretch – he had stories of watching fit and healthy men told their death day/cursed by a local juju man, who would retreat to bed and die, such was their absolute conviction.

    1. IA ENG

      It may work ! Look at the history of the Chicago Cubs ! I think it was in the early 1900’s. One guy tries to bring a goat in to the Cubbies game and was thrown out. He mentions he will put a curse on the Team and the rest is history.

      When is the last time Chicago Cubs won a World Series?
      1908…………
      = X

      MAYBE this guy is the ring leader – if he is still alive and kickin’.

      http://en.wikipedia.org/wiki/Curse_of_the_Billy_Goat

  8. MeMoy

    Nice one Brian! This is great work. Exposing the modus operandi of the Yahoo boys can only help (potential) victims. I’ve heard (in my recent visits to Nigeria) that ‘yahoo yahoo’ is far less productive than it used to be. This is a positive development and one can only give kudos to cyber vigilante groups such as 419eater for their determination to frustrate these miscreats.
    To those suggesting that this is a state-sponsored effort or that the majority of male Nigerians are perpertrators, I say, you’re just as gullible as the yahoo victims themselves. Anyone that has half-a-brain would know that a small percentage of a huge number is also very huge. In a country of approximately 50 million adult mate in the 18-49 age bracket, if 0.1 percent (50,000) of that number decide to be dedicated yahoo boys, the whole world will feel the impact!
    Agreed, this is a problem that the Nigerian Government have done little or nothing to solve, but it’s not a surprise to anyone with roots in Nigeria because the government is simply irresponsible. To suggest that it’s a revenue source for the country though is simply stupid.

    1. femtobeam

      The Yahoo Boys are a tiny part of a huge industry if fraud and corruption in Nigeria. 80-90% of the population lives on $2 a day, while. Nigerian civil servants make an average of over 1 Million dollars a year. I said corruption is the second largest source of income in Nigeria, Oil is #1. They are importers of food. Their largest budget is military. 1 million people died in their civil war, over the subject of corruption.

      One source states $3.2 Billion in losses, attributed to Nigerian 419 Scammers. See below:

      Your personal attacks are meaningless.

      More sources:
      http://www.pbs.org/frontlineworld/stories/nigeria/facts.html

      http://www.et1964.com/2011/09/nigeria-beyond-419/

      http://forum.419eater.com/forum/viewtopic.php?t=150407

      http://en.m.wikipedia.org/wiki/Finance_Minister_of_Nigeria

      http://www.quora.com/What-is-the-total-annual-income-of-all-Nigerian-419-scammers

      http://consumer.georgia.gov/consumer-topics/nigerian-fraud-scams

      Each year tens of thousands of people fall victim to these scams and the losses are estimated in the hundred of millions of dollars. Here are some statistics:

      According to the Internet Crime Complaint Center, the Nigerian scams accounted for the highest losses per incident of any reported Internet-related financial crime in 2005 with an average loss of $5,000, a surge of 60 percent per incident over the rate in 2004.
      A Dutch private investigation firm which has studied the problem for a decade estimates that U.S. companies and individuals lost $720 million dollars in 2005. Consumers in the United Kingdom lost $520 million. Nigerian scam losses from 37 countries in 2005 approached $3.2 billion dollars.

      Of the Nigerian scam criminals who could be traced, 71% lived in the U.S. Nigeria accounted for the next highest portion, 7.9%.
      These scams are also referred to as “419 scams”, after the Nigerian penal code addressing fraud.

      1. peter

        I am a nigerian and you are very right about corruption in Nigeria. I chose to have a legit business and work hard but people say that I am a fool for choosing this path. Young men always try to put pressure on me into going into cyber crime but so far I haven’t budged I would rather die in poverty than steal.

  9. IA ENG

    It made be a crude website, But if the criminals can make cash with crude methods, to them that’s all that counts.

    They seem barely educated in the IT field, but what does this matter if there is little chance that the government will do anything about it. I am sure there is a vast amount of kickbacks involved, both to the goverment and probably the ISP.

    Most of this information is pretty important to security groups. They may be able to write some pretty accurate signature sets and thwart any emails or other attempts that some poor sap is willing to simply click, next, next, next.

    A few years ago, I read another blog where the author was playing along with the spammers, coaxing the spammer along. He never sent any money, but he would come up with all sorts of excuses why he couldn’t send the cash. he even asked if he could borrow some money from the scammers in order to pay down his debt so he could eventually consider sending them some money. The spammer got so ticked off that the calm, cool and collected emails went far south and it became a flaming war. It was a hoot.

    1. Neej

      This is more or less what 419eater does: they try and waste as much of the scammers time as possible by stringing them along and documenting it.

      Some of the scammers seem to be as gullible as their marks from what I’ve read :p Part of stringing them along sometimes involves putting the scammers to work doing pointless time consuming manual labour and other hilarities 😀

      (hilarities … is that a word?)

  10. Ava

    I loved the “Fighting fire with fire” approach of J. Fastinating article and I hope it spreads far and wide to advise the innocent, who are still responding to these idiots. Unfortunately, they aren’t the ones who will be reading it.

  11. bonnie

    please contact me i am concerned i was chatting with a suppose military man and things dont add up now he has tryed to contact people with same name as me

    1. Bob Martin

      Please visit Scamwarners.com. You will find caring people to answer any questions you might have about scammers.

      1. IA ENG

        First of all, if you realize you’ve been a target, the people you need to contact are the banks, CC companies and such.

        I am NOT one to contact a 3rd party organization to dish out any Personal Indentifiable Information to them. Honestly, in these times, if you read about all the bad people out there, the less that have access to your information the better.

        Between hacks, Scams and Insider Threats, thats enough of a deterent to trust the unknown.

        All it takes is a bit of initiative. Its quite simple. Have a list of banking, CC, Ebay and any 3rd party processors you may use like Paypal. If a person is limited on the ability to create and retain new passwords….. and uses the same freakin one on every site, they may have a major issue on their hands.

        Many companies do not track personnel violations pertaining to Information Security. Of all violations, people should be held accountable, and those that have a good track record can develop a level of trust. Many insider threats can accumulate massive amounts of data as they travel from job to job and who knows what they could do with that data.

        People can do what they like, but remember the phrase that “pays (the bad guys)”…… PII.

      2. Old School

        IA ENG is correct. The only person that you can absolutely trust is yourself. Change all of your passwords. Always use strong passwords and follow all of the well documented advice on good password management and good security in general. The following video gives the ultimate advice on trust: http://www.youtube.com/watch?v=xLla7i9Ohfk . Should this key piece of advice somehow disappear, find the “trust no one” scene from “I Claudius”.

  12. CooloutAC

    Love the youtube vid and song hahaha

    I always think about Russian and Chinese hackers when I think I might be hacked and always forget about the Nigerians.

    But Romance Scams are huge money man. People would be surprised by just how many are affected! For example on my block i have a couple neighbors that have been scammed by the yahoo boys most likely. I mean, my god its so widespread.

    For example right across the street from me i had one neighbor i was helping with his pc. Then hes showing me his yahoo friends. All these hot white girls that are living in Ghana. They send him provocative pictures. One he has been talking to months. They all ask for money, one for a sick mom….

    My advice to him on these dating sites was only trust the people that get on a webcam and talk to you. I imagine that has to be real hard to fake? Maybe don’t trust the people with the lips out of sync claiming bad connections haha.

    But this one chick messaged him while i was there…. i said get her on the microphone. I showed him how to use his mic and webcam. Then i could not stop laughing out loud, when i heard the person speak. It basically sounded like a guy trying to sound like a girl and failing bad hahaha….it sounded so weird and hilarious i was laughing so hard the person heard me hahah. Then I told my neighbor get her on the webcam. and OF COURSE, she claimed her webcam was broken……blah blah blah. I told him l they are all hackers trying to milk you for money or steal your identity. They aren’t even really females and those are fake pics. I was telling him the guy sounded Russian pretending to be a girl in Africa. But i guess they are all really African residents it seems now.

    And i can’t blame my neighbor for being gullible. He doesn’t know any better. Its not his fault! I just told him assume they are scammers first, never send money….and at least now he knows how to use his webcam….lol

    Great Article Brian! This hits home everywhere whether people believe it or not!

      1. -B

        “nothing is the users fault nowadays anymore tough guy. welcome to 2013 where soon the internet will be policed like real life whether you like it or not.”

    1. SeymourB

      There’s a whole subculture built around redirecting output from a video file of a famous person to a fake webcam that’s used by the software, then recording the reaction of the person on the other end. People will see what they want to see, even if the lips don’t sync, even if the typing doesn’t line up, they’ll still want to believe what they’re inclined to believe. That’s why politics is so screwed up in the US right now, everyone wants to believe the easy answers that justify their preconceived notions of whats right/wrong.

      1. IA ENG

        ahhh the false sense of Hope.

        People have a tolerence to negativity, and though they know better, people do it anyways. What’s it prove? They are gullible as mentioned in the blog.

        I don’t know why they do it. Is it for the mystery? Excitement?

        I used to laugh all the time when a credit card as did a commercial based on a guy named Igor posing as a glamour model. You didn’t see what was on the other end until the end of the commercial.

        And if you feed them money, you probably will never see the money, let alone what is truly on the other end of the wire. The truth hurts – only when one lies to thyself.

      2. CooloutAC

        Yes but those are people that need to be on medication. Not your avg user.

        1. IA ENG

          Heh. if they aren’t your average user, not matter the method, the world wouldn’t have million of computers infected over and over again.

          It doesn’t matter the scam, all it takes is a bit of curiousity and people click. Sometimes thats all it takes.

          1. CooloutAC

            NBC.com was infecting users with viruses not too long ago. Famous viruses, like Chernobyl were released on brand new IBM computers. I got the Michelangelo virus as real young kid from retail printer driver disks.. These things have not only always happened since the beginning of pcs, They are many times worse nowadays imo.

            Nowadays most users are not getting viruses by clicking on a shady sites, because they find it exciting or curious to see if they will get infected or not, like some thrill seeking sadist. Thats ridiculous to imply. Nowadays commerical websites are just as likely to infect users without clicking to install anything.

            You industry guys can tell yourselves w/e helps you sleep at night, but I find that logic very disingenuous.

    2. me

      Actually, I saw a show on marketplace a while back where people did go on camera to further convince skeptics and they were doing it in the basement of a store or some establishment if I recall correctly. I do not accept any solicitations – if I want a product, I’ll go searching. If there is a grave emergency in my family, I’ll be contacted in person by police (I imagine…?) and if there is a financial issue, my accounts would be frozen and I can deal with cash for a day or three if I need to while things are remedied.

  13. Larry Whiteside

    As always Brian, you bring out the best and most detailed articles ever. I love it. Keep up the great work!

  14. Jeff

    The main character in Lauren Beukes’ novel “Zoo City” makes money as a 419 Scammer pretending to be a tribal princess.

  15. dirty_bird

    No way I’d trust that site.

    It’s missing the Red Seal of Truth.

  16. Akinola Sogo

    I read this wonderful and revealing article of the evils the “yahoo boys” are perpetrating, its quite sad,because it has nothing to do with the African culture nor our values like some comments have read,am a Nigerian Youth who believes in legitimacy and also uphold the tenets of equity&fairness. Contrary to views here,the Economic and financial crimes commission efcc and the Nigerian Police has been trying to tackle this people effortlessly,but one of these fellows once said in a bar I was having a drink that it takes a greedy person to get duped in the con-game,I don’t know how true that is,but it seems they make outrageous offers&incredible ones. people should apply extra-caution to internet activities where your money/personal lives will be involved.I believe the era of Yahoo Boys will be history in my country’s story soon.thank you

    1. CooloutAC

      Well i always say the ones that lie the most…believe lies the most.

  17. sml156

    Hi Brian I am interested in your voodoo doll. I have four computers connected with cat 5 if possible could you attach Velcro straps to the back of the doll to make it easy to attach to the cat 5
    Thank you

  18. enutrof

    Brian, the song you mentioned comes from a movie starring Nkem Owoh called “The Master”, in which Owoh plays the scammer.

    1. enutrof

      The movie is about the downfall of a 419 scammer but the song became so notorious that it was banned in Nigeria.

  19. Jay

    Wow, this is some amazing research. You did your homework very very well Sir. I am Nigerian so I know about this Yahoo Yahoo thing very well. Everything you have said is spot on. I’ve always wondered why some scammers are so eager to send me thier pictures but now it makes perfect sense.
    Could you please do an investigation into the keylogger itself, im suprised that such crude looking software can beat today’s malware prevention applications.

  20. Nigerian Rambo second blood

    What a surprise -NOT !!

    There are millions of articles like this on the web . They all tell the same story — You must be well stupid if you fell for there scam .And if you fell for it twice then you deserve to be scammed cos you are proper thick .

    But from the other side you need to have thick people too , cos without them this world would be a hell on earth . HAHAHAHh

  21. Bill Zannie

    I enjoyed the report. Thanks for all your hard work.
    Currently, I am trying to research United Overseas Bank PLC to see if they are a real entity. Can you help. Thanks,
    Bill

  22. meh

    I think most of them aim to prey on the less educated or second language folks… The poor grammar and spelling in their emails will repel the vast majority of people with any clue about computers or the English language in general, but those who predominantly speak another language might not catch the mistakes. The sad part is they are also less likely to know what to do about it after it happens and get it resolved before their hard earned money disappears.

    The banks are in the best position to do anything about it, but as usual when they aren’t on the hook they won’t do anything.

    1. meh

      On the other hand they do provide a lot of entertainment when someone strings them along for fun and documents it for the rest of us.

      1. CooloutAC

        what? First of all most people are not hackers and do not work in the computer industry. Most people do not even realize these things are so common.

        I’m telling you man its happening on every block in nyc.

        The people they are praying on are lonely older people.

        1. meh

          Maybe but they still are not likely to have a good grasp of the English language if they fall for:

          “You are advice to note that this Firm is legitimate, and not a fraudlent one.”

          Not sure if it is worse that they would be dumb enough to believe that without recognizing any errors or if they recognize the errors as out of place and assume our schools and bank employees are that poorly educated.

    2. me

      Their method of attacking this way is actually very intelligent (whether by design or accident is to be determined) – they have a very low threshold of false-positives for hits (because a low volume of people are suckered into believing it, but those that are, are likely easy prey), making their work extremely targeted and successful. The low volume is obviously lucrative enough to support the business models progression for so long though.

      1. meh

        It only works because their government is corrupt enough to allow it – they leave a trail a mile wide pointing back at themselves.

  23. Efe

    419 is the result of the institutionalization of corruption in Nigeria in the middle 1990s. It has grown to become the largest employer of youths in the county, since there are no real jobs for the youths. The actions of the 419ers have been emboldened by the collaboration of the security agencies who partake of the booties, instead of presecuting them. It is quite unfortunate but that is the simple truth. 419 as permeated every segment of the Nigerian society and culture. The successful 419ers have become part of the power political and economic class. They are worshipped and celebrated, despite their criminal nature. Please, delete any email from them as soon as you spot one on you inbox. Thanks

  24. Peter

    Thank you for this great article. I have taken the liberty to share on LinkedIn as many of my connections might consider this as very interesting

  25. Gary

    There is a degree of ill-informed and speculative nonsense being posted here about “male African culture” and corruption in Nigeria being “state sponsored”, which is total hogwash. There is also a great deal of ignorance about the country being discussed.

    Nigeria splits up into 4 basic groups. Modernists who are mainly professing Christians with animist or pagan cultural backgrounds and who predominate in the South West and feature mainly in the modern private practice professions in the South West of the country. This area is also the principal source of Nigerian travel and emigration and also, unfortunately, of these type of scams.

    The total population of this area is approximately 25 million people. Every single one of the items of vocabulary in the article come from the language that predominates in this South West region of the country. This ethnic group contributes the overwhelming majority of fraud, internal and international crime statistics and much of the country’s appalling reputation for dishonesty and corruption. The majority are professing Christians but are heavily influenced by modern, charismatic, materialistic, get-rich-quick forms of Christianity which they intertwine with deeply-rooted traditional superstitions and beliefs linked to their ancestral animist customs. The stubbornly-held, guiding spiritual principle amongst such people is that Westerners must have superior technology, societal organization and wealth because their predominantly Judeo-Christian faiths must somehow endow them with special, enabling, supernatural powers and insights. These people therefore think that by outwardly adopting Christianity but supplementing it with animist superstitions and practices, they will become similarly endowed.

    Belief systems can produce outcomes that defy all rationality. So, just as it is possible to have a Western Rocket Scientist who send probes to explore the universe during the week but who also goes to church on Sundays and fervently worships an invisible God, so it is possible to have a Nigerian architect who believes that if you cut off a goat’s head, sprinkle it with cut fingernails, wrap it all in cabbage leaves and leave it to rot in your back yard before going to church on Sundays, it will accelerate the passage of your prayers to their spiritual destination.

    There is a loosely associated group of about 25 million culturally similar people to the South East who are also predominantly a mixture of Christians and animists and who travel abroad and emigrate in significant but smaller numbers than the previous group but tend to focus more on local enterprise, commerce and trade and, as a result feature significantly but much less than their neighbors to the West in internal or international crime statistics.

    There is another mixed group of about 10 million or so in the central area who are a mixture of Christians, Muslims and animists who travel and emigrate relatively little and are predominantly preoccupied with agriculture and agricultural exports.

    Then there is a group of about 50 million in the north who are predominantly Muslim, predominate in the agricultural, military and government sectors, who travel abroad and emigrate in moderate numbers but feature almost nowhere in either internal or external crime statistics.

    So Nigeria, with a population of about 110 million can be very, very different, depending on which part you are focusing on. There is also, therefore, no reasonable sense in which 5,000 to 10,000 fraudsters who predominate in a small part of the old pre-colonial port city of Lagos, in one tiny corner of the vast South Western Region can be deemed to be representative of even the whole of their own home region, let alone an entire, highly differentiated, ethically composite country.

    I am in two minds about the scams themselves. All attempts to scam are despicable. However, the most common of these scams can only possibly succeed through the willingness of the victim to engage in transactions of dubious legality. To me, the moral picture relating to the majority of such ridiculous scams are akin to the two-way street of corruption. Everyone is always quick to accuse the bribe taker of behaving immorally but many often forget that the bribe payer must also be equally corrupt to try to seek competitive advantage by paying a bribe and contributing to the perpetuation of corruption.

    If someone were to ask me to help him defraud his country’s central bank, my refusal to participate would not be based on a fear of losing any of my own money in the process. My reason for refusing would be that what was proposed was criminal and that I would therefore want no part of it. I find it difficult to summon up any sympathy for people defrauded in the process of conspiring to defraud others.

    Scams that trade on the naive, the gullible and the lonely in fake tragedy or fake romance scams, attract a little more of my sympathy but, even there, I would say that such fraud is no different from fake get-rich-quick spam and fake Russian, Ukrainian or Thai Bride websites. So it seems to me that it’s not unreasonable to take the view that if such naive and gullible people were not being scammed by Nigerians they would be being scammed by Russians, Ukrainians, Thais or fraudsters of some other nationality.

    To me spam is spam and fraud is fraud. I despise both. They are either immoral or illegal or both but I can’t bring myself to the point of caring much what nationality the criminals responsible for them are.

    1. Selene

      I really agree with your last four paragraphs! I’ve received some of the “help me get my money” letters in the past and I was never able to get past the little voice in my head telling me, “Thou shalt not steal . . . ”

      Then my “paranoia” would kick in at the atrocious spelling and grammar . . . The “what’s wrong with this picture???”

      I’ve posted stuff for sale on Craigslist and gotten responses telling me to send money via Western Union – and right on the heels of that message is one threatening me with the FBI – and it sounds just like the Princes of Nigeria! :<

      And, yes, just look at the US and the diversity (culture, food, ethics, religion, beliefs, etc.) we have here. Just our differences about sports is crazy! So why should another country be any different?

    2. Rodalpho

      Gary,

      Your post was of a quality rarely seen on the internet, bravo.

      I agree with your conclusion; if these people were willingly colluding in a criminal act they deserve the consequences. However with romance scams, that is not the case.

      1. meh

        On the flip side of the coin, there shouldn’t be central banks, there shouldn’t be 100 million Americans (and untold numbers worldwide) poor living in areas where resources abound. This is largely a problem of our own making and then telling people not to put their hands in the cookie jar while also depriving them of food defies logic.

        1. meh

          As Brian has pointed out several times, most of the mules for these various operations are people who couldn’t find a regular job after looking and were desperate, needed cash. If Nigeria made better jobs and opportunities for it’s people then you wouldn’t see this to the same extent either.

      2. Gary

        Rodolpho

        Thank you for your kind but unnecessary compliment.

        I agree with your differentiation, which is why, in my previous post, I very deliberately made sure to include the line:

        “Scams that trade on the naive, the gullible and the lonely in fake tragedy or fake romance scams (sic – ‘schemes’), attract a little more of my sympathy….”

        My simple point was that spam is spam, fraud is fraud and criminals are criminals. The nationality of the perpetrators is, at best, a distraction. The internet has increased the reach and ambit of immoral and callous people with criminal intent. As a result, various ethnicities in various countries all across the globe have made the decision to exploit it.

        The “Yahoo Boys” are no more reflective or representative of Nigeria or Africa than the Sicilian Mafia is reflective or representative of Italy or Europe.

        The vast majority of the populations of every country in the world are largely law-abiding. Every country and each inhabited continent has its fair share of criminals. Criminals are criminals. Different criminals use different tools. They deserve equal condemnation regardless of their methods or their origins.

      3. Gary

        Rodolpho

        Thank you for your kind but unnecessary compliment.

        I agree with your differentiation, which is why, in my previous post, I very deliberately made sure to include the line:

        “Scams that trade on the naive, the gullible and the lonely in fake tragedy or fake romance scams (sic – ‘schemes’), attract a little more of my sympathy….”

        My simple point was that spam is spam, fraud is fraud and criminals are criminals. The nationality of the perpetrators is, at best, a distraction. The internet has increased the reach and ambit of immoral and callous people with criminal intent. As a result, a very tiny criminal minority within various ethnicities in various countries all across the globe have made the decision to exploit it.

        The “Yahoo Boys” are no more reflective or representative of Nigeria or Africa than the Sicilian Mafia is reflective or representative of Italy or Europe.

        The vast majority of the populations of every country in the world are largely law-abiding. Every country and each inhabited continent has its fair share of criminals. Criminals are criminals. Different criminals use different tools. They deserve equal condemnation regardless of their methods or their origins.

  26. AverageJoe

    “Oddly enough, a large percentage of the keylog data stored at BestRecovery indicates that many of those keylog victims are in fact Nigerian 419 scammers themselves. One explanation is that this is the result of scammer-on-scammer attacks.”

    Another explanation could be that they follow the “instructions on how to use a provided tool to create a custom Windows-based keylogger”, but only up to the point of testing of their own PC. And then they don’t remove the logger after the test, because it “already works”. They are not smarter than the average computer noob.

  27. Li Pan

    You have a very little knowledge of what is happening and sorry you have to waste so much time to fish some arrogant and foolish people out that are probably hungry and searching for attention. The main players in the “yahoo boy” makes millions of dollars all by him self without the help of another “yahoo boy” and you think your smarter than him probably because you are westerner.They are 10 steps ahead of you. No smart Nigerian uses facebook with his original information of facebook, if you doubt me check for the prominent Nigerians and see if they have facebook accounts, facebook is a trap that works for ignorant people, underground Pan African educates the western tricks.

    You understand nothing about voodo because your mind is clouded with media, christanity and Islam that makes people of our soiety less aware of the truth, voodo is actually the pillar of modern technology if used as a positive force, and voodo will forever work negetively towards the western world because of the african dietes that was stolen from here. How could your westeren fore fathers come here with Jesus story and steal Idols and items from Africa and you not call it scam.

    My Point we are all victims the so called yahoo boys are christains. They learnt quickly just as your fore fathers thought them.

    You need to see them in churches pray for success to scam people….

    Most of the christain pastors here are voodo men also in disgise to be pastor for material reasons — they are more deadly that your so called yahoo boys but generally accepetd to do their scam world wide and fly about with private jets still from Nigeria, no vigiatee for them or to protect their victims

    I wonder why you westerners dont talk about that maybe its a disgrace to your religon but you can convinetly talk about a scammer that tries voodo because he was brought up to be a christain or muslim so he is a victim of the voodo also because i have a feeling the voodo gods dont like the western gods.

    https://www.youtube.com/watch?v=2uqpUasnnNg

    EXTRACT FROM WIKIPEDIA (SEARCH VOODO OR VONDUN)

    About 23% of the population of Benin, some 1 million people, follow Vodun. (This does not count other traditional religions in Benin.) In addition, many of the 41.5% of the population that refer to themselves as Christian practice a syncretized religion, not dissimilar from Haitian Vodou or Brazilian Candomblé; indeed, many of them are descended from freed Brazilian slaves who settled on the coast near Ouidah.[3]

    In Togo, about half the population practices indigenous religions, of which Vodun is by far the largest, with some 2.5 million followers; there may be another million Vodunists among the Ewe of Ghana: 13% of the population of Vodunists, most of whom are Ewe and 15 million people 68% in Ghana practise traditional religion most of whom are Akan people. In Ivory Coast, 50% of the population practise traditional religion most of whom are Akan people. According to census data, about 14 million people practise traditional religion in Nigeria, most of whom are Yoruba practising Vodun, but no specific breakdown is available.[4]

    European colonialism, followed by some of the totalitarian regimes in West Africa, have tried to suppress Vodun as well as other African indigenous religions.[5] However, because the vodun deities are born to each clan, tribe, and nation, and their clergy are central to maintaining the moral, social and political order and ancestral foundation of its village, these efforts have not been successful. Recently there have been moves to restore the place of Vodun in national society, such as an annual International Vodun Conference held in the city of Ouidah in Benin that has been held since 1991.

  28. sguy

    “419 apologist video” …apologist? O my lord, it amazes me how this theme spread so far and wide, even to credible sources.

    “I go chop you dollar” is satire. More so,It is a song (sound track) written for a movie and performed by a famous COMEDIAN akin to “dave chappelle” in Nigeria.

    “The master” starring Nkem Owoh is a COMEDY (how good it is is another matter) and social commentary on scammers and the scammed (and how greed leads to the downfall of both sides)

    I am not excusing the actions of scammers and i praise your exposure. Kids of nowadays can only be trained through social shame and prison butt love. Being a Nigerian, This “i go chop your dollar” misconception has really given me a 1st person view of how details just get so horribly lost in the media.

  29. David Habba

    I think the more we get to reveal the tricks this bad eggs do to Nigeria the better for us all. I once traveled out of the country and literally spent half of my time defending Nigeria. I have read most of the comments here and some i find appalling and laughable. Please in the quest to kill and paint Nigeria black, lets through in some objectivity.
    1. Nigeria is an over 170 million populated country, most countries of the world are just about a state or a region of our country. So therefore, a fraction, a tiny fraction of this who are criminals should not be the basis for defining our country as a whole. I feel terrible about the kind of image these kinds of rubbish bring to Nigeria but i was wondering if many of the commentators here would actually click to read to if the heading of the post was in the positive about Nigeria. I am in no way defending stupid and criminal acts by my country men or by anyone for that matter but some objectivity and truthfulness is needed even in discussing ills.
    2. It is a FAT lie to say that the gains from these tiny criminal act do contribute significantly to our GDP in any way. Yes but the fraction should be very and I mean tiny. The majority of Nigerians are hard working people who go about their daily businesses in a decent manner earning decent profits even though the conditions are not so favorable.
    3. To say the government is doing nothing about this is entirely FALSE. I am no fan of the government of my country as they have failed me and my country men in many ways and this points directly to why i have dedicated myself to working tirelessly and committedly to entrenching democratic standards and uphold social justice for all. The government has been doing alot, this may not be their best but these efforts put in place need to be recognized.

    Truly, as a people and as a Nation, we deserve better than we receive. I know many people are speaking from with anger but yes, there is a better way to write about Africa and particularly Nigeria. Some balance and objectivity is needed please.

Comments are closed.