Surely everyone has at some time been the recipient of an amateurish email scam from Nigeria? Well, Nigerian scammers have just got a whole lot more professional – so much so that an international cybersecurity specialist mistook a lone 20-something chancer from the outskirts of Lagos for a full-on, nation-state hacking operation.
The attacks against more than 4,000 global energy, construction, mining, oil and infrastructure companies took place in spring. They employed a phishing scheme to spread malware-infected emails that appeared to come from Saudi Arabia’s huge state-owned oil and gas company Saudi Aramco, with the objective of raking in corporate banking details.
Despite the somewhat homespun nature of the attack, at least 14 companies fell for the scam, parting with several thousand dollars. This demonstrates that phishing still works – exploiting human gullibility and a general lack of corporate good practice. The cybercrook’s identity remains a secret, but not so his motto on social media – ‘get rich or die trying’.