Cybercrime in West Africa: Poised for an Underground Market

Two major types of cybercriminals reign in West Africa—so-called “Yahoo boys”2 and “next-level cybercriminals.” Yahoo boys excel in committing simple types of fraud (advance-fee, stranded-traveler and romance scams/fraud) under the supervision of ringleaders or masterminds. Next-level cybercriminals, meanwhile, are more experienced and prefer to pull off “long cons” (business email compromise [BEC] and tax scams/fraud) or crimes that require more time, resources, and effort. They use malware (keyloggers, remote access tools/Trojans [RATs], etc.) and other crime-enabling software (email-automation and phishing tools, crypters, etc.) that are easily obtainable from underground markets.

Cybercriminals are bound to continue honing their know-how, skill sets, and arsenals to slowly but surely form their own community. There may not be a West African cybercriminal underground market now, but cybercrime is definitely an issue in the region. This can be seen from the constant increase in the volume of cybercrime-related complaints targeting both individuals and businesses that law enforcement agencies in the region receive, as shown by the INTERPOL survey…


West African Cybercriminal Cultural Mindset

Within the West African criminal culture, there appears to be a forgiving mindset toward fraud,4, 5 with some claims that this culture encourages cybercrime, equating it to outsmarting victims, especially foreigners.6 This cultural mindset is reportedly most evident in Ghana,7 where sakawa—a ritualized form of online fraud—is practiced. In sakawa, a supreme being is believed to bless criminals with protection and good fortune. This encourages West African cybercriminals to defraud foreign victims (typically Westerners) online as a means to escape poverty. It even serves as a means to justify ends, taking out the unethical element in victimizing the unwitting.

West African Cybercriminal Profile

West African cybercriminals have one skill they are particularly good at—defrauding victims. But why resort to cybercrime? It is actually quite simple: almost half of the 10 million graduates from more than 668 African universities each year do not find employment.8 According to the INTERPOL survey, West African law enforcement agencies recognize that about 50% of the cybercriminals that they identified in the region are unemployed.

The Internet helps cybercriminals do two essential things in order to steal money from victims—create fake personas and attempt to defraud as many victims as possible. Creating personas usually involves obtaining several email addresses for various online profiles, even on social media, to support acts of fraud. Performing fraud against potential victims, meanwhile, involves sending them socially engineered emails and messages.

Note that West African cybercriminals are far more trusting than their French counterparts,9 according to previously published Trend Micro research. They constantly communicate with one another. They do not hesitate to share know-how with fellow cybercriminals. This is actually how “newbie” cybercriminals learn to defraud potential victims and eventually differentiate themselves from others. They talk about which kind of people will most likely fall for particular types of fraud and what types of fraud actually work and pay off. This could be why some types of fraud that have proven effective become even more popular. In essence, the West African cybercriminal ecosystem can be considered as a self-learning portal and a self-sustaining system, improving through trial and error and the sharing of best practices.

Advance-fee fraud (also known as 419 fraud in the Nigerian Penal Code), romance fraud, and the newer BEC fraud (which will be discussed in more detail later) are not only committed by known groups. Novices start off committing 419 fraud then move on to more complicated schemes such as BEC fraud. Cybercriminal gangs, meanwhile, may prefer to pull off romance or BEC fraud. It all just depends on their preferences, needs, and available resources. The INTERPOL survey confirms that a West African cybercriminal group will generally commit multiple types of fraud.

The INTERPOL survey also revealed that West African cybercriminals are mostly between 19 and 39 years old. In addition, most reports10, 11 on West African cybercriminals paint a prototypical profile—male with basic technical know-how and skills and a flair for showing off wealth in real life and on social media.

A Comparison of West African Cybercriminal Types

West African cybercriminals can be categorized into two major types—Yahoo boys and next-level cybercriminals.

[Figure 3: Cybercriminals’ age ranges. Legend: 18 and younger, 19-29, 40-49, Unknown. Values shown: 11.76%, 35.29%, 23.53%, 5.88%, 23.54%.]

Yahoo Boys

Yahoo boys, dubbed such due to their heavy use of Yahoo! apps for communication via email and instant messaging (IM) in the early 2000s, are often part of groups operating in the same physical location—normally cybercafés. They are supervised by more experienced cybercriminals—usually ringleaders or gang masterminds. Each cybercriminal takes care of an entire operation—from scouring the Internet for email addresses to send spam to, to communicating with each potential victim, and finally receiving the defrauded money. This operating model does not require work segmentation and specialization. Cybercriminals can use more than one fraud type at the same time. In fact, they usually run several different types of fraud at the same time. They can, for instance, run a romance fraud with one victim and an advance-fee fraud with another while sending a stranded-traveler fraud email to other potential victims.

Yahoo boys continue to use Yahoo! apps but probably not as much as in the past, when they first earned their nickname. They actively use social media, particularly Facebook®, to post pictures showing off their ill-gotten wealth—newly acquired vehicles or luxury items. Their social circles comprise contacts who generally reside in the same physical locations as they do, which tells us that they may be close friends and meet face-to-face.

The Yahoo Boys Playbook

Some of the fraud types in the Yahoo boys’ playbook have been repeatedly used and seen, as well as constantly improved and developed over the years.

Advance-Fee Fraud

The advance-fee fraud12 is the oldest and simplest fraud type. It is also the most varied in terms of pretense and storyline, though the most popular type is the Nigerian prince fraud.

In the Nigerian prince fraud, the cybercriminal asks a target to help transfer large sums of money with the promise of compensation after providing assistance. However, prior to being compensated, the victim is asked to pay small amounts supposedly for various fees—deposits, notarization, parcel, and transfer fees—that in the end, add up to hundreds, even thousands of dollars.

Some storylines used in advance-fee fraud through the years include:

  • A member of the royal family or a high-ranking government official requesting assistance in transferring wealth
  • The target being an heir to a recently deceased member of the royal family
  • The target being a lottery prize winner

Stranded-Traveler Fraud

Stranded-traveler fraud13 first gained notoriety in the early 2010s. These scams used compromised Facebook and other social networking accounts to request money from the account holders’ contacts. In this type of fraud, the cybercriminal first takes control of an account, then impersonates the account owner and asks contacts for help with an “emergency,” usually while overseas. The supposed emergency can range from incarceration, kidnapping, or a sudden health-related case to being robbed at gunpoint—anything that would require immediate, no-questions-asked monetary assistance.

Recent versions of stranded-traveler fraud do not require account hacking and instead use accounts mimicking those of real people (even using their photos and personal details).

Romance Fraud

Romance fraud14 typically involves creating fake but very appealing (to as many potential suitors as possible) accounts on several online-dating sites. Romance fraud can be likened to a “long con,” a confidence trick that usually runs for weeks, even months. In it, the cybercriminal spends time building an online relationship with a target. Once trust is established, the cybercriminal starts asking the victim for money for various reasons, including:

  • Paying for traveling fees to meet his/her “lover” in person
  • A death in the family
  • Disability due to an illness or an accident
  • Loss of employment

While this particular type of fraud usually targets middle-aged to elderly single women, some also target men, especially recent retirees. This may be due to the preconception that they have disposable cash.

