
Article 5 | Nigeria: The Hub of Cyberfraud

Examining the Complex Landscape of Online Scams in Nigeria

Makenna Petersen & Olivia Maxymiv

15 Minutes


Nigeria has made a name for itself when it comes to global phishing emails, advance fee fraud and other scams.1 In fact, the 2020 annual internet crime report by the Federal Bureau of Investigation (FBI) dubbed Nigeria the 16th most affected state by cybercrime worldwide.2


Nigeria does not have coined APT groups per se; instead, lone actors or teams of hackers work together to achieve their objectives. Why is this? Nigerian cyber threat actors are primarily driven by financial gain, unlike other groups featured in this article series, who often pursue politically motivated objectives.


Nigerian groups have realized that the amount of money they make in each attack increases “by targeting not just individuals but small businesses,” making their tactics increasingly strategic.3 The FBI reported that between October 2013 and December 2016, over 40,000 business email compromise (BEC) incidents worldwide led to losses totaling $5.3 billion, and Nigerian actors were among the largest groups involved in this activity.4;5


One tactic that contributes to this statistic is sending targeted phishing emails to organizations. Scammers hope that someone will click on a link so they can infect the targeted computers with malware.6 Subsequently, attackers can access and explore the target’s network by using keyloggers or spying tools, which are used to steal login details, analyze a company’s operations, and find out who manages purchases and transactions, thus pinpointing a victim.7 While Nigerian scammers usually use simple malware and remain mostly unnoticed, they are persistent and quickly change tactics if their first intrusion attempt fails, which makes their actions particularly challenging to anticipate.8


Nigerian cybercrime also extends to the banking, e-commerce, education and social media sectors. Although phishing is a commonly used tactic, these actors also employ other tactics such as theft of bank cards using hidden cameras at ATMs, compromised point-of-sale (POS) systems or ATM skimming machines.9 Additional methods used by these groups include banking fraud that targets vulnerable banking systems, software piracy, theft of intellectual property and forgery.10


For example, a 31-year-old Nigerian named Blessing Adeleke was charged with conspiracy to commit bank fraud and 16 counts of bank fraud.11 He was involved in a scheme to steal financial information, make fraudulent purchases and take money from victim bank accounts in Northern Ohio, among other places.12 From January 2014 to October 2016, Adeleke was an administrator for an online marketplace called Shad0w.info, a website where stolen data like credit card numbers and personally identifiable information (PII) were sold.13


Although legislation exists against cybercrime in Nigeria, the penalties are usually insufficient. According to Section 14 of the Cybercrimes Act (2015), the penalties for computer-related fraud range from three to seven years of imprisonment or fines of 5-10 million naira (₦).14 A cybercriminal convicted and fined ₦5 million would have had to pay the equivalent of $27,505.78 in 2015.15 Due to the currency's loss of value, in 2024 a cybercriminal convicted of the same offense would pay approximately $3,854.07.16 Considering that most profits derived from cybercrime in Nigeria are in dollars, the result is a reduced penalty, which becomes an incentive to the cybercriminal.17


The Cybercrime Act of 2015 is controversial, as it has been declared illegal over human rights violations.18 Filed by the non-governmental organization Socio-Economic Rights and Accountability Project, the human rights violation claim is directed at Section 24 which “mandates a prison term of up to three years or a fine of ₦7,000,000 for knowingly sending a false message online, with the aim of causing annoyance, inconvenience, danger, obstruction, insult, injury, criminal intimidation, enmity, hatred, ill will or needless anxiety to another.”19 This infringed on the rights to freedom of expression and information, and was being used as a tool for repression.20 It should be noted that while Nigeria has strict policies, sometimes to the extent of violating human rights, the nation struggles to effectively curb its high rate of cybercrime within its borders. 


While Nigeria does have “one of the strongest data-protection policies in Africa” and a National Computer Emergency Response Team, cybersecurity continues to be a problem throughout the nation.21 It is often said that this is because of the rapid decline in societal values caused by the rise of corrupt politicians in Nigeria.22 These individuals quickly become wealthy by misusing state resources for personal gain, bettering themselves rather than providing sufficient enforcement of the law.23


A prime example of this occurred on April 3, when Website Planet, a web-mapping project, discovered that the Nigerian state health agency, Plateau State Contributory Healthcare Management Agency (PLASCHEMA), had unsecured data storage containing about 45 gigabytes (GB) of identification documents and photos of roughly 37,000 people, with 75,000 entries in total.24 Launched in September 2020 by Plateau State Governor Simon Bako Lalong, PLASCHEMA's business plan focused on delivering affordable and accessible healthcare to the residents of Plateau State, Nigeria.25 On April 5, two days after discovery, the Nigerian authorities were notified, but the data buckets were not secured again until late July.26 In simple terms, the authorities took nearly four months to sufficiently secure the exposed data.


With four in 10 Nigerians living below the national poverty line, poverty, unemployment and inequality remain major issues in the country.27 This environment fuels the appeal of cybercrime as a quick way to make money, especially among young people.28 Nigeria is Africa's most populous country and at least 200 million people have faced high unemployment for decades.29 Of those who have made it through education, “over 40 [percent] of undergraduates and 60 [percent] of unemployed graduates in Nigeria are involved” in some form of cybercrime.30 They are clever, as they often work with “security agents and bank officials, local and international networking, and the use of voodoo, a traditional supernatural power.”31 In addition, most of these young cybercriminals have been “involved in on-line dating and buying and selling with fake identity,” adding another layer of difficulty in attribution.32 Again, these examples highlight just how low the likelihood is of young cybercriminals getting caught.


While the Nigerian Cybercrime Prevention and Provision Act of 2015 has been useful in preventing cybercrime to some degree, the government has not fully tackled the vulnerabilities of large institutions like banks.33 The static nature of Nigeria’s legislation fails to account for macroeconomic and monetary instability over time, which has effectively created an incentive for cybercrime.34


Presented below is an overview of the Nigerian threat actor group GOLD GALLEON. This threat actor group has made a name for itself through its targeting of the global shipping industry. 


GOLD GALLEON

Uncovered in 2017, GOLD GALLEON is a financially motivated Nigerian threat actor group known for BEC and business email spoofing (BES) fraud.35 GOLD GALLEON primarily targets global maritime shipping businesses and their customers, and its tactic of targeting emails is key to its strategy.36 The shipping industry reaches across the globe, and for many businesses, email is the only form of communication. Therefore, shipping companies that work in different time zones such as South Korea, Japan, Singapore, Philippines, Norway, U.S., Egypt, Saudi Arabia and Colombia make prime targets for BEC and BES.37


Between June 2017 and January 2018, GOLD GALLEON is estimated to have attempted to steal at least $3.9 million from maritime shipping companies and their clients.38 On average, the group’s theft attempts cost up to $6.7 million annually.39 


The group employs various commodity remote access tools, including keyloggers, remote access trojans (RATs) and password-stealing capabilities, to obtain email account credentials.40;41 Along with conducting BEC and BES attacks, the group also sends spear phishing emails to intercept communications, steal login details, divert funds to their own accounts and alter the content of documents.42


The next article in the cybercrime hotspots series discusses the emerging cyber threats from Southeast Asia. 

Notes

1 Newman, Lily Hay, “Nigerian email scammers are more effective than ever,” Wired, May 3, 2018. https://www.wired.com/story/nigerian-email-scammers-more-effective-than-ever/

2 Abbate, Paul, Rep, 2020 Internet Crime Report, Federal Bureau of Investigation, 2020, 17. https://www.ic3.gov/Media/PDF/AnnualReport/2020_IC3Report.pdf

3 Newman, Lily Hay, “Nigerian email scammers are more effective than ever,” Wired, May 3, 2018. https://www.wired.com/story/nigerian-email-scammers-more-effective-than-ever/

4 Publication, Business E-mail Compromise E-mail Account Compromise The 5 Billion Dollar Scam, Federal Bureau of Investigation, 2017. https://www.ic3.gov/Media/Y2017/PSA170504

5 “SilverTerrier: 2018 Nigerian Business Email Compromise update,” Unit42, May 9, 2019. https://unit42.paloaltonetworks.com/silverterrier-2018-nigerian-business-email-compromise/

6 Newman, Lily Hay, “Nigerian email scammers are more effective than ever,” Wired, May 3, 2018. https://www.wired.com/story/nigerian-email-scammers-more-effective-than-ever/

7 Ibid.

8 Ibid.

9 Omodunbi, Bolaji, Precious Odiase, Olatayo Olaniyan, and Adebimpe Esan. “Cybercrimes in Nigeria: Analysis, Detection and Prevention.” FUOYE Journal of Engineering and Technology 1, no. 1 (September 30, 2016). https://doi.org/10.46792/fuoyejet.v1i1.16

10 Ibid.

11 “Nigerian national found guilty of Bank Fraud Scheme,” U.S. Department of Justice: United States Attorney’s Office: Northern District of Ohio, October 12, 2022. https://www.justice.gov/usao-ndoh/pr/nigerian-national-found-guilty-bank-fraud-scheme-0 

12 Ibid.

13 Ibid.

14 Sibe, Robinson, “Cybercrime and the challenge of static legislations in Nigeria,” Forbes, April 29, 2024. https://www.forbes.com/councils/forbestechcouncil/2024/04/29/cybercrime-and-the-challenge-of-static-legislations-in-nigeria/ 

15 Ibid. 

16 Ibid.

17 Ibid.

18 Woollacott, Emma, “Nigerian cybercrime law ruled illegal over human rights concerns,” Forbes, April 4, 2022. https://www.forbes.com/sites/emmawoollacott/2022/04/04/nigerian-cybercrime-law-ruled-illegal-over-human-rights-concerns/ 

19 Ibid. 

20 Ibid. 

21 Olaigbe, Olatunji, “The deep roots of Nigeria’s cybersecurity problem,” Wired, September 19, 2022. https://www.wired.com/story/nigeria-cybersecurity-issues/ 

22 Igwe, Uche, “Nigeria’s growing cybercrime threat needs urgent government action,” The London School of Economics and Political Science, June 9, 2021. https://blogs.lse.ac.uk/africaatlse/2021/06/09/nigerias-growing-cybercrime-phishing-threat-needs-urgent-government-action-economy/ 

23 Ibid. 

24 Olaigbe, Olatunji, “The deep roots of Nigeria’s cybersecurity problem,” Wired, September 19, 2022. https://www.wired.com/story/nigeria-cybersecurity-issues/ 

25 Ibid.

26 Ibid. 

27 “Deep Structural Reforms Guided by Evidence Are Urgently Needed to Lift Millions of Nigerians Out of Poverty, says New World Bank Report,” World Bank Group, March 22, 2022. https://www.worldbank.org/en/news/press-release/2022/03/21/afw-deep-structural-reforms-guided-by-evidence-are-urgently-needed-to-lift-millions-of-nigerians-out-of-poverty 

28 Igwe, Uche, “Nigeria’s growing cybercrime threat needs urgent government action,” The London School of Economics and Political Science, June 9, 2021. https://blogs.lse.ac.uk/africaatlse/2021/06/09/nigerias-growing-cybercrime-phishing-threat-needs-urgent-government-action-economy/ 

29 Bala-Gbogbo, Eliaha, “Nigeria’s unemployment rate drops sharply to 4.1% on revised methodology,” Reuters, August 25, 2023. https://www.reuters.com/world/africa/nigerias-unemployment-rate-drops-sharply-41-revised-methodology-2023-08-25/ 

30 Ayandele, Olusola, and Olugbenga Popoola, “Yahoo Yahoo: Cyber-Enabled Crime and Criminality in Nigeria,” SSRN Electronic Journal, January 10, 2022. https://doi.org/10.2139/ssrn.3999317

31 Aransiola, Joshua Oyeniyi, and Suraj Olalekan Asindemade, “Understanding Cybercrime Perpetrators and the Strategies They Employ in Nigeria,” Cyberpsychology, Behavior, and Social Networking 14, no. 12 (December 2011): 759–63. https://doi.org/10.1089/cyber.2010.0307

32 Ibid. 

33 Igwe, Uche, “Nigeria’s growing cybercrime threat needs urgent government action,” The London School of Economics and Political Science, June 9, 2021. https://blogs.lse.ac.uk/africaatlse/2021/06/09/nigerias-growing-cybercrime-phishing-threat-needs-urgent-government-action-economy/ 

34 Sibe, Robinson, “Cybercrime and the challenge of static legislations in Nigeria,” Forbes, April 29, 2024. https://www.forbes.com/councils/forbestechcouncil/2024/04/29/cybercrime-and-the-challenge-of-static-legislations-in-nigeria/ 

35 “Gold Galleon: How a Nigerian Cyber Crew Plunders the Shipping Industry,” Secureworks Counter Threat Unit, April 18, 2018. https://www.secureworks.com/research/gold-galleon-how-a-nigerian-cyber-crew-plunders-the-shipping-industry 

36 Ibid.

37 Ibid. 

38 Ibid.

39 Ibid.

40 Ibid.

41 “Gold Galleon Targets Maritime Shipping Companies, Customers in BEC Campaigns,” Trend Micro, April 23, 2028. https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/gold-galleon-targets-maritime-shipping-companies-customers-in-bec-campaigns 

42 Ibid.
