Two Nigerian scammers operating out of London UK are now serving jail time over a £1 million+ phishing operation.
According to UK investigators the jailed men, Emmanuel Mmaduike and Olawale Kashimawo (pictured above), headed a well-organised cybercrime syndicate specialising in email fraud.
Tony Adams, head of investigations at the National Crime Agency’s Cyber Crime Unit, said in a statement that the fraudsters “sent out convincing emails to victims purporting to be from well-known service providers and companies asking them to input their details… They could then alter payment details.”
Investigators discovered that Mmaduike and Olawale successfully harvested the login credentials for thousands of business email accounts, allowing them to fraudulently redirect financial transactions to illicit bank accounts.
The two men boasted about their ill-gotten gains on social media and apparently spent large sums on extravagant vehicles and entertainment before their capture.
The methods used by the scammers at the centre of this British case are typical brandjacking techniques.
Brandjacking is the exploitation of well-known brands and trademarks to trick victims into trusting scam emails. Scam victims are much less likely to be suspicious of a malicious message if it appears to come from a company or organisation they know.
MailGuard sees new brandjacking scams appearing all the time and they continue to be one of the most common forms of cybercrime.
Brandjacking emails can be very rudimentary, like this recent example imitating a DHL parcel tracking message:
But sometimes brandjacking messages are quite sophisticated, like this notorious example which is designed to look like a Telstra bill notification:
Phishing emails usually link to websites that are also designed to mimic actual login pages.
Victims of last year’s notorious Netflix phishing scam were sent this message:
When the recipients of the scam message clicked on “restart membership” they were taken to this cunningly designed fake login page:
Scams of this sort have high success rates for criminals because for many ordinary internet users, the tell-tale signs of a brandjacking scam are not easily apparent.
Tell-tale signs of email scams
There are a few ways you can check if an email is a scam:
- Generic greetings, such as ‘Dear customer’
- A sense of urgency: “Ensure your invoice is paid by the due date to avoid unnecessary fees”
- Bad grammar or misuse of punctuation
- poor-quality or distorted graphics
- An instruction to click a link to perform an action
- Obscure sending addresses that don’t match the real company’s domain URL
Learn more about brandjacking scams and how to identify them in this article; Warning: Our Brains are on Autopilot Most of the Time.
Stay up-to-date with the MailGuard Blog by subscribing to our weekly newsletter. Click on the button below: