Scattered Canary – The Evolution Of A West African Cybercriminal Organization

The Evolution and Inner Workings of a West African
Cybercriminal Startup Turned BEC Enterprise

An Agari Special Report


Scattered Canary – A West African Criminal Enterprise

These scammers have ripped off as much as $36B in unemployment benefits in 2020 alone!

In a first, Agari has cataloged the evolution of a Nigerian cybercriminal organization from its emergence as a one-man shop into a powerful business email compromise (BEC) enterprise employing dozens of threat actors.

An Agari Threat Actor Dossier

The following is copyright © 2019 Agari, and is presented to expand awareness of this criminal enterprise and to help victims understand the scope of organizational growth in West African scamming. We greatly appreciate their courtesy in being able to display their work unchanged here.

From the Scattered Canary Dossier Executive Summary

BEC has continued to grow, taking the number one spot for greatest financial losses from Internet crime. In a recent report, the FBI’s Internet Crime Complaint Center (IC3) reported that more than 20,000 businesses lost nearly $1.3 billion to BEC attacks in 2018. Globally, BEC attacks have cost more than $13 billion in losses over the past five years.

But with the West African gang we’ve named Scattered Canary, we have a deeper look at how business email compromise is connected to the rest of the cybercrime. With over ten years of visibility into Scattered Canary’s operations, we have deep insight into how the group grew from a single cybercriminal working Craigslist scams into an entire organization that consists of dozens of criminals, each with specific tasks.

When the first member of Scattered Canary, who, for the purposes of this report, we call Alpha, began his operations, he was a lone wolf—working mostly Craigslist scams as he learned the tricks of the trade from a mentor. However, within a few years, he had honed his craft enough to expand into romance scams, where he met his first “employee,” Beta. Once they had secured enough mules via their romance scams to launder their stolen money, they shifted from targeting individuals to targeting enterprises, and the group’s BEC operation was born.

Since its inception, at least 35 different actors have joined Scattered Canary in its fraudulent schemes. The group has turned to a scalable model through which they can run multiple types of scams at the same time. And with multiple tools designed to help them expand their operations and stay hidden from law enforcement, it is no wonder that they are seeing massive success.

While BEC remains a favorite due to its ease and success, a look into Scattered Canary’s operations demonstrates that these groups are not one-trick ponies. At any given time, Scattered Canary is involved in a number of different types of scams simultaneously—including romance scams, tax fraud, social security fraud, employment scams, and more. And this is only one organization, out of the hundreds currently residing in West Africa and around the world.

With this much involvement between members, and so much connection between crime type, we must look at the bigger picture to truly understand the enormity of the cybercrime problem.

If Scattered Canary can be seen as a microcosm for the rapidly evolving organizations behind today’s most pernicious email scams, this report demonstrates that a much more holistic approach—one based on threat actor identity rather than type of fraudulent activity—is required to detect email fraud and protect organizations.