Some people have made Nigeria proud. Again.
At least 4 Nigerians have been indicted in a $1.3m phishing scheme that targeted customers of major banks in the United States of America.
Chase Bank, Bank of America, ADP and Branch Bank & Trust are the banks involved, while Charles Umeh Chudi (UK), Osarhieme Uyi Obaygbona (Atlanta), and Olaniyi Jones (Nigeria) are among the six criminals indicted alongside the principal culprit - Waya Nwaki, a.k.a. Prince Abuja.
Nwaki was arrested in December 2011 on charges of wire fraud conspiracy, wire fraud, aggravated identity theft, and conspiracy to gain unauthorised access to computers. But for the collaborative efforts between the victim banks and the FBI, these criminals would have continued to live like kings after successfully robbing other people of their hard-earned money.
Going by a related story on naijapals, the EFCC is on the case of Nigerian-based Olaniyi Jones, who is currently awaiting judgement on his extradition to the United States of America for his part in this crime.
According to the indictment filed with the U.S. District Court in NJ, these cyber thieves launched phishing attacks against unsuspecting individuals between August 2000 and June 2010, causing the victims to disclose their confidential personal and financial information.
Phishing is the act of sending deceptive e-mails - purporting to come from a trusted party, e.g., a financial institution - to a large group of people in the hope of getting a 'positive' response from a percentage of this group. Most recipients are educated enough to just delete these e-mails without reading them, but those who eventually fall victim generally supply all the information requested by the criminals. These criminals then leverage this information to gain unauthorised access to the victim's online accounts.
This type of attack is still very common, but its success rate is diminishing, thanks to constant user education and out-of-band authentication techniques. The days of username and password are long gone, and if your bank still authenticates you via this means alone, you might want to consider taking your money elsewhere. If you don't, your account will be breached someday.
I should mention, though, that online criminals have evolved as well. We are now seeing what are called man-in-the-browser (MITB) attacks, which means that even if you have a one-time password (OTP) device, popularly known as a hardware token, your online account can still be emptied! All the criminal needs to do is get your machine infected with a trojan.
One would normally hope that this will serve as a deterrent to other cyber thieves, but that's all it is - hope.
It will be interesting to see how this case concludes come August 15, 2012 - when judgement will be served.