Another website with multiple setups for various scammers is found. Thanks to @malwrhunterteam and other good people on Twitter, I have countless hours of fun.
Scammers send emails with malicious attachments; infected victims’ computers then send login credentials, typed words and screenshots to this server, for further malicious misuse by the scammers. emenamtechnologies.com is part of the creepy group of phishing domains listed here domainbigdata.com/name/domain provider
BUT – sometimes scammers infect their own computers, giving us insight into their activities.
Let’s see what’s new in Nigeria, the land of broken dreams and home to many scammers (or “hustlers”, as they call themselves).
This is Justine Timba / Oliver Justine Timba / Justine Timba Osuji / Justine Obinna / Yatin…
As you can see, his Honesty Karma is astonishing; he’s been honest and fair in all his dealings… It’s on the internet, so it must be true. Anyway, here are his Facebook / Instagram accounts
The following domains are registered with the email firstname.lastname@example.org and his name:
All of them were registered recently, in the last few months. The industries are very diversified, mostly in the manufacturing / distribution / export-import sectors. Most likely, all of them are or will be used for phishing and scam schemes, pretending to be legitimate, official websites and companies, sending “official” emails and attachments to the victims, etc.
- otlotd.com / similar to otld.co.uk, “distributor and importer of food and other products, overseas trading”, a legit company which he will, at some point, try to impersonate to do some damage to unsuspecting victims.
- brazilainprofessionals.com / similar to brazilianprofessionals.com – “Brazilian Professionals, LLC. is the exclusive distributor of the one and only original Brazilian Blowout, and b3 Brazilian Bond Builder.”
- chirnaconne.com / similar to chinaconne.com – “professional manufacturer of all kinds of kitchen faucets and other plumbing equipment manufacturer.”
- electiolux.com / similar to Electrolux, multinational appliance manufacturer, headquartered in Stockholm, Sweden.
- savannah-agrl.com / similar to savannah-agri.com – “Savannah Valley is one of the Egyptian leading growers, exporters and suppliers of high quality fresh fruits & vegetables from Egypt.”
- fontenra.com / similar to fonterra.com – “A leading multinational dairy company, owned by 13000 New Zealand dairy farmers and the world’s largest exporter of dairy products”
- aiirbus.com / similar to airbus.com – “A European consortium producing the Airbus family of passenger aircraft, a corporate jet, the beluga supertransport and a military transport.”
- biafo.net / similar to biafo.com – “Pakistan-based company engaged in the manufacturing of commercial explosives and blasting accessories, including detonators”
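A defender-side check for the lookalike domains listed above, as an added example that is not part of the original post: it compares a sender's domain against a list of trusted partner domains using edit distance with adjacent swaps. The function names, the threshold of 2 and the electrolux.com entry are assumptions, and inputs are assumed to be registrable domains with no subdomain.

```python
# Added example (not from the original post): flag near-miss sender domains.
# TRUSTED holds the legitimate domains named in the list above;
# electrolux.com is an assumption, the post only names the company.
TRUSTED = ["otld.co.uk", "brazilianprofessionals.com", "chinaconne.com",
           "electrolux.com", "savannah-agri.com", "fonterra.com",
           "airbus.com", "biafo.com"]
# The lookalike domains from the list above, used as sample input.
SAMPLE = ["otlotd.com", "brazilainprofessionals.com", "chirnaconne.com",
          "electiolux.com", "savannah-agrl.com", "fontenra.com",
          "aiirbus.com", "biafo.net"]

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)
        prev2, prev = prev, cur
    return prev[len(b)]

def label(domain):
    """First label of a registrable domain (assumes no subdomain is present)."""
    return domain.lower().rstrip(".").split(".")[0]

def find_lookalike(sender_domain, trusted=TRUSTED, max_distance=2):
    """Return (trusted_domain, distance) for a near miss, or None."""
    sender = sender_domain.lower().rstrip(".")
    if sender in trusted:
        return None  # exact match with a trusted domain
    best = None
    for candidate in trusted:
        d = osa_distance(label(sender), label(candidate))
        # d == 0 means same name under another TLD, e.g. biafo.net vs biafo.com
        if d <= max_distance and (best is None or d < best[1]):
            best = (candidate, d)
    return best

if __name__ == "__main__":
    for domain in SAMPLE + ["airbus.com", "example.org"]:
        print(domain, "->", find_lookalike(domain))
```

A threshold of 2 is needed to catch otlotd.com against a four-letter name like otld, but on short names it will also match unrelated domains, so tune it per trusted domain before alerting on it.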
Obviously, a large number of Nigerian scammers have quickly moved from Advanced Fee fraud and “Romance Scam” letters to BEC (business email compromise) schemes. Even poorly educated, non-techy Nigerian hustlers like this guy can purchase domains named similarly to legitimate domains, make a believable phishing website and organize a successful email phishing scam. Innocent-looking payment requests and fake wire transfer request emails are costing companies millions, even billions – 2.3 bn US$ in the last few years, in the USA alone, and that is only what is reported. The real figure is probably much higher; plenty of victims don’t even report the fraud.
Using mass-email sending software to distribute emails with malicious attachments. This kind of spam blast is very profitable: it takes 0.001 of those emails to be opened and the attachment clicked for a campaign to be effective. The next step is checking victims’ logs and selecting profitable targets for CEO Fraud Scams, learning their business lingo, and finally spoofing e-mails pretending to be the CEO, CFO or some other senior executive at the company and demanding wire transfers, or W-2 files for all employees, or stealing business data and selling it to competitors, or… anything that makes money.
Checking stolen credentials, logging in to their accounts, sending emails in the name of the victims, stealing business details and insights…
His Yahoo inbox, sending “payment slip.exe” to selected victims
some of his friends / customers
leading to a funny guy – Bishop Huntmoney EzeNgwori, photos below
http://ezengwori-huntmoney.site40.net/index.php – known earlier as malicious/malware site