Scattered Canary sounds a bit like bad band name from high school, but it’s really the name given to a highly organized cybercrime game base in Nigeria that’s managed to steal millions of dollars from state unemployment systems, according to my guest — Armen Najarian is Chief Identity Officer at Agari Data Inc., a cybersecurity firm. Agari has tracked Scattered Canary through a decade of crimes: stealing from CEOs, government agencies, online lovers, you name it. But when Covid hit, and government assistance started flowing, Scattered Canary saw the perfect opportunity.
Agari’s initial report on Scattered Canary was published last June — ironically, after the crime ring tried to scam the cybersecurity organization. It reads like a novel. Here’s the most heartbreaking excerpt:
By March 2016, one of Scattered Canary’s members had built enough trust with a romance victim—who we’ll call Jane—that she became a frequent source of new mule accounts for the group. Since she had been converted to a mule at this point, it’s safe to assume that Scattered Canary had already stolen as much money from her as they could. Over the next eighteen months, Jane opened five mule accounts and bought twenty prepaid cards that were,
unbeknownst to her, used by the group to facilitate other scams.
After the new accounts were opened, Jane sent her fictitious online boyfriend the account credentials, using passwords like weare4ever and 2hearts1love. Over time, these passwords became things like 2muchmystery and iam2wornout as Jane grew tired of the mysterious relationship with her online lover. Unfortunately and sadly, Jane passed away in September 2017. Even after her death, though, Scattered Canary continued to victimize her. In October 2017, a member of the group attempted to take out an auto loan using Jane’s personal information, providing more evidence that these groups are only interested in one thing—money.
Click here to listen to this episode, or just hit play below