Is Nigeria Really The Headquarters of CyberCrime in the World?

“The key (to Cybercrime) really is the lack of law enforcement environment, the feeling that you can do almost anything and get away with it. They were able to grow and evolve into organized enterprises.”

This is a statement by Dmitri Alperovitch, a Russia-born U.S. citizen and co-founder and CTO of security firm CrowdStrike. It sounds almost like a statement about Nigeria. But it’s actually about Russia.

Russia is one of the world’s top cybercrime perpetrators having a cybercrime industry that, as of 2013, makes $1.9 billion dollars a year. The Russians are so good at cybercrime, according to Time, Brazil, another cybercrime hotspot, is buying Russian hacker software. The Russian black market has become so sophisticated that Eastern European hackers now provide I.T. support for foreign customers buying their malware.

So why doesn’t this have adequate media coverage?

In 2017 Statista released a list of the world’s largest consumer losses through cybercrime. On the list, countries vary from all over the globe, from Hong Kong to Japan to Sweden, with China, Brazil and Mexico making the top three. But out of a list of twenty Nigeria doesn’t even make the top five.

It did not even make the list at all.

Nigeria has an international reputation for being one of the biggest cybercrime hotspots in the world, if not the biggest. From parody episodes in Family Guy to American high school graduate yearbook final words, cybercrime in Nigeria has become a pop culture phenomenon.

In Nigeria cybercrime, also locally known as “Yahoo Yahoo” has invaded all levels of society from music – cue in Naira Marley’s infamous debut single Am I A Yahoo Boy? – to EFCC club busts. Before then, Maintain’s Yahooze was an anthem.

With the recent arrests of high profile entrepreneur Obinna Okeke for fraudulent practices and the huge FBI bust of 77 Nigerian online scammers, Nigeria’s cybercrime black market is currently in the international media limelight.

But with Nigeria’s cybercrime being so popular, well known and visible, why is it that in comparison to other countries, our cybercrime statistics are so low?

The UN defines cyber crime as any illegal behaviour directed by means of electronic operations that targets the security of computer system and data processed by them; and any illegal behaviour committed by means of or in relation to a computer system or network. Essentially cybercrime is any crime that’s committed on a laptop. And as of 2013, according to the Association of Certified Fraud Examiners, Africa had the biggest percentage of fraudulent transactions in the world.

Seven per cent of all online transactions within Africa in 2013 were fraudulent, almost thrice the size of Europe’s 2% and North America’s 1%.

So why, as of 2019, do we suddenly no longer make international cybercrime lists and still make headlines?

The statistics suggest it’s for two reasons: visibility and data access.

Visibility

The most popular forms of Nigerian cybercrime are fraudulent electronic mails, identity theft, hacking, cyber harassment, spamming and Automated Teller Machine spoofing. But the biggest cash cow is still fraud emails. That’s why the 80 internet scammers recently indicted by the FBI could send a whopping 5 million emails in just 10 days.

Nigerian hackers have used the same method of fraudulent emails for decades. They send tailored phishing emails to a company or an individual to get someone to click a link and infect their computer with malware. From there, they steal credentials to and from all sorts of accounts logged into the victim’s computer frame, figure out how a company works, and understand who handles purchasing and other transactions. The scammers may then impersonate someone within the company and attempt to initiate a payment or they might pretend to be a company the victim contracts with and send the target an invoice.

The FBI estimates that between October 2013 and December 2016 more than 40,000 “business email compromise” incidents worldwide resulted in $5.3 billion in losses.

This method is so popular, confraternities and gangs have been built around it in other countries, such as the notorious Black Axe gang in Italy.

But the fraudulent email business isn’t only profitable. It’s also incredibly visible.

With scammer emails not being restricted to any border, Nigerian 419 emails are accessible to almost everyone. Victims vary from individuals to companies, to random people.

Unlike their international fraud counterparts like Russia that focus on less visible crimes such as cryptojacking, Nigerians are more focused on social cons rather than digital manipulation. Romance cons, foreign money exchange and business scam emails are still the most popular methods used by Nigerians and they’re all the most visible. But these methods average out to $6003 per person, $2133 per person and $1717 per person respectively. While investment scams, moving scams and cryptocurrency scams, more popular in Russia, China, India and Brazil, average out to $8648 per person, $3993 per person and $3147 per person respectively.

Thus, Nigeria’s popular reputation, despite increasing competition, has more to do with public visibility than actual profit.

The numbers prove there’s actually been a significant decrease in profits over the years as countries are beginning to wise up. While as of 2011 profits of up to $12,000 per person and/or business was possible now in 2019 it only averages out to $2133. But part of Nigerian scam emails success is also down to the sheer volume of them.

With a population of 190 million people, Nigeria is one of the largest countries in Africa and the combination of corruption, unemployment and a large youth population mean a high amount of the population resort to scam as a means of livelihood.

But another more sinister reason lingers in the recesses of the dark web. Sometimes, cons are scams within scams, and nothing else but that quite describes the fact that not all “Nigerian prince” scam emails are actually Nigerian.

On January 2nd in 2018 a 67-year-old man from Louisiana was arrested for running an international “Nigerian prince” email scheme and was charged with 269 counts of wire fraud and money laundering. With the internet being anonymous anyone can claim to be something they’re not and it raises the question exactly how many of these scammer emails we find are actually from a Nigerian source?

They could be from opposite sides of the globe, but the likelihood of other African countries remains small for the same reason Nigeria has such a proficient scam email black market: data access.

Data
Despite being a third world country Nigeria has one of the lowest data rates in the world. According to The Alliance for Affordable Internet (A4AI), at the end of 2018, Nigeria ranked as the second country after Egypt with the lowest internet tariffs in Africa, while Cable.co.uk ranks Nigeria 4th out of 230 countries for the lowest internet rates. With the internet being so accessible, especially in a region famous for its internet blackouts, scam emails are more accessible and can be done by just about anyone with internet access and a device.

With such high numbers, easy data access and visible crimes, it’s not a surprise that Nigeria’s standing has become so synonymous with corruption and internet hacks that scammers now claim to be located in Ghana instead.

The Nigerian government, despite having poor management and investigation into these cases, is still making effective changes. The introduction of the BVN, in a report presented by the Chairman of the Nigeria Electronic Fraud Forum (NEFF), who is also Director, Banking and Payment System Department, CBN, Mr Dipo Fatokun, has reduced cybercrime profits and increased losses by 63% and there had been a reduction of 45.98% in attempted online fraud by the end of 2015.

But while the Nigeria Electronic Fraud Forum predicts an optimistic outcome, The FBI and Deloitte suggest not only will scam emails increase, they will improve.

Deloitte states the spelling and grammatical errors that plague phishing emails will come to an end and we are likely to get to the era where the mails are properly crafted and the messages more targeted to the victims. Targeted messages might leverage prior information about the victims from social media, Internet or earlier compromises.

It seems the days of outdated Nigerian prince emails are evolving, but with Russia currently under investigation for what potentially may be the biggest cyberattack in modern history – the US elections – and the statistics showing Nigeria’s reputation, while well earned isn’t entirely warranted, Nigeria’s place as the headquarters of cybercrime in the world might not only be slipping, it may have never been true. With countries like North Korea, Russia, Brazil and even the United States figuring prominently on the Symantec Index, the problem with Nigeria may have been overstated.