Here is one of the Nigerian scammers who apparently does not understand the importance of not keylogging his own computer, or the concept of anonymity. Following his self-provided logs, screenshots and data found with Google search and on various social media accounts, it is easy to connect the dots. For example, the guy in the photos below is active under many names and nicknames, some of which are Lee Chun, CJ Ugonna, chijioke, Michael Chijioke Umeh, Obilor Chijioke Henry, jokky4sure, Akeem Akbar…
– Lee Chun – firstname.lastname@example.org, an email address used to receive malware files and keybase/ispy panels set up for him by another scammer.
Today we will focus on his advance-fee loan scam activities. The company this guy is impersonating is Al Ghurair Investment; its original website is http://www.al-ghurair.com/en/.
Description: “Al Ghurair Investment is a diversified industrial group with a presence in more than 20 countries on four continents. Our core focus is on Foods, Construction, Resources and Properties with additional sector participation in Retail, Printing, Energy and Education”. The legit company profile on LinkedIn is https://www.linkedin.com/company/al-ghurair
The scammer's name on LinkedIn is Akeem Akbar – CIO at Al-Ghurair Investment, United Arab Emirates (fake description and details, of course).
Sometimes he sends the victims a malware attachment (an invoice, a proposal, etc.) to install a keylogger and get further access to the victims' login details, documents, etc.
Using business vocabulary, he writes very believable “business” emails. To convince the victims that he is some big CEO, CIO or CFO, he researches legit companies and successful businesses, steals legit identities, and uses their names to register domains and create email addresses that look almost the same as the legitimate company's. After that, it's just a matter of time before he finds a victim who needs a loan and tricks them into an advance-fee loan scam.
After a few messages on LinkedIn, he “transfers” victims to his email for easier conversation. Here are a few of his inbox screenshots.
His sites are primitive, low quality and obviously made just to trick the victims. Even the meta description is unchanged: it is still the web theme maker's default description.
Notice the fraud alert, made by the scammer. Oh, the irony.
Note: Phone number +971433328438 is connected with more scam domains.
UAE company hosted in Ukraine. Seems legit.
The email FAYADHB2@GMAIL.COM reveals many of his scam domains, emails and fake names used for the scam:
– al-ghurairinvestmentgroup.com (email@example.com, firstname.lastname@example.org, ceo/cio/cfo@, AL GHUARAIR ABDULLAH as registrant name)
– abdullahamadinvestment.com (Ahmed Al-Gaddah)
– al-bolkiahgroup.org (Prince Fayad Bolkiah)
– kazimgroup.org (Prince Fayad)
– alghurairinvestment.com (email@example.com, M.Saif, firstname.lastname@example.org, Khalid Sani, Fayad Habib used for domain registration)
– alghurairinvestment.org (Alkarim Kadir, email@example.com, firstname.lastname@example.org, email@example.com)
– abudhabibuae.com (firstname.lastname@example.org)
– arabiainvestmentsgroups.com (email@example.com) / linked not by email but by phone +971433328438, the same as al-ghurairinvestmentgroup.com (Ahmed Al-Gaddah)
– seeffprime.com (Ahmed Al-Gaddah)
– al-futtaimloaninvestment.com (AL FUTTAIM SHEIHK)
– arabiainvestmentsgroups.com is also connected with phone number +97-143-862-999, and that number reveals more scam domains:
alhamlahgroup.com, iteicoinvestmentgroup.com, alowaisiggroup.com, investalfhimgroup.com, …
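The pivoting in the list above (a shared registrant email, then shared phone numbers) can be automated as connected-component clustering; this is an added Python example, not part of the original post. The records are constructed from the links the post states, with formatting varied to show normalization; the `.test` control row and all function names are assumptions.

```python
import re
from collections import defaultdict

# Constructed records (domain, registrant email, registrant phone), built only
# from links the post states; None = not given. Case and phone formatting are
# varied on purpose. The last row is a hypothetical unrelated control.
RECORDS = [
    ("al-ghurairinvestmentgroup.com", "FAYADHB2@GMAIL.COM", "+971433328438"),
    ("abdullahamadinvestment.com", "fayadhb2@gmail.com", None),
    ("kazimgroup.org", "FAYADHB2@GMAIL.COM", None),
    ("arabiainvestmentsgroups.com", None, "+971433328438"),
    ("arabiainvestmentsgroups.com", None, "+97-143-862-999"),
    ("alhamlahgroup.com", None, "+97143862999"),
    ("unrelated-example.test", "someone@example.test", "+10000000000"),
]

def selectors(email, phone):
    """Normalize registrant attributes so formatting differences still match."""
    out = []
    if email:
        out.append(("email", email.strip().lower()))
    if phone:
        out.append(("phone", re.sub(r"\D", "", phone)))
    return out

def cluster(records):
    """Group domains that share any selector, directly or transitively."""
    parent = {}

    def find(x):
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    for domain, email, phone in records:
        d = ("domain", domain.lower())
        find(d)
        for s in selectors(email, phone):
            parent[find(d)] = find(s)  # union the domain with its selector

    groups = defaultdict(set)
    for node in list(parent):
        if node[0] == "domain":
            groups[find(node)].add(node[1])
    return sorted((sorted(g) for g in groups.values()), key=len, reverse=True)

if __name__ == "__main__":
    for group in cluster(RECORDS):
        print(len(group), group)
```

Registrar or privacy-proxy contact values are shared by many unrelated domains, so exclude those selectors before clustering or they will merge everything into one group.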
Here are a few random reports of his activities, found on various anti-scam forums and sites.
Basically, this guy has been working the same advance-fee loan fraud scheme for more than 5 years.
Here is the article on how to recognize the signs of fraud and hopefully avoid this type of scam.