Is Africa being used as testing bed for spear phishing attacks?

62
dilbert phishing

When something is popular in one country or continent it tends to spread to other countries and continents. This is true in all walks of life especially when it comes to data theft, malware, phishing attacks and viruses. Normally data theft, malware and viruses spread around like wildfire and phishing attacks are not far behind. Spear phishing attacks have been around for ages but a new variant of them seems to be only aiming at English and French speaking African countries, and it uses a human weakness loves as bait.

AdaptiveMobile have being done some research into this and they are not sure if Africa is the new hunting ground for adult phishing or simply a testing ground for spammers. They do recommend that extreme caution is advised when responding to unknown friend/professional requests on SMS and all social networking platforms.

The spear phishing attacks, which aim to collect personal data including contact numbers, email and social media aliases, are initiated with romantic messages and promises from an unknown individual, allegedly located in the US, Haiti, Eastern Europe or the Solomon Islands. When the provided contact numbers are dialled, victims are connected to a call centre, in this case one based in Sri Lanka, where an operator will pretend to woo the caller and eventually request personal contact details that can be used to harvest data from the caller and their network of digital connections.

Of the observations made so far, there are some extremely interesting patterns emerging:

  • Messages follow very similar patterns and structures utilising similar logic to lure victims.
  • Many of the messages are directing callers to an isolated range of numbers.
  • The target region for snaring victims remains fixed to Africa.

More information on AdaptiveMobile’s findings can be found here.