Talk Naira: Scam Forum

Our intelligence team while investigating ponzi operators and fake investment scams came across a forum called TALK NAIRA at talknaira[.]com.

Right off the bat, we noticed the site didn’t have an About section, no information about the owners, no contact address, all indicative of the usual make-up of a scam. Looking at the posts in the forum, we observed the usual flipping money language; invest an amount and get it tripled in return. See the discussion thread below.

Notice that no mention is made of the business or medium via which the profit of 40,000 naira will be generated. Also, the thread had a lot of responses from people claiming to have gotten paid after investing. See below.

To find out if these comments were from real people, we decided to message two different members of the forum to compare their device fingerprints to confirm if it was the same person posing as different persons. So we sent “Sawena” the initiator of the thread above a message. Below is a screenshot of the message sent and the device fingerprint obtained from the message.

Message sent to Sawena
device fingerprint obtained via message sent to sawena

In the exchange, sawena mentions that we contact another member to send payment. This fits our purpose, so we sent hollabiz a message. Below is a screenshot of the message sent and the device fingerprint obtained from the message.

Message sent to hollabiz
device fingerprint obtained via message sent to hollabiz

Comparing the device fingerprints from the different messages, it’s evident that it is the same device that is used in both instances. Hence, we can conclude that it is the same person posing as two different members on the forum. It could very well be the same person posting all the comments on the forum or maybe he might have recruited some associates to help out.

What the scammer is ultimately trying to do is to make this forum look legitimate by means of social proof. Scammers know that people are more likely to believe something if other people claim it is true. Hence, we advise that you do not assess investment opportunities or offers solely on testimonials. Also, do some solid research about the company/person making the offer, and make sure you discuss with other people who are knowledgeable in that industry.

Finally, make sure the person/company is registered with the necessary authorities before making any payment.

Wazobia Investment: Investigating a Ponzi Scam

Recently, our Intelligence Team came across a platform called Wazobia Investment. According to their website:

“Wazobia Investment was established in 2017 and has become one of the top leading investment platforms trusted by over 1,400,000 users. Wazobia investment provides a proven and secure platform for its investors. Amongst others, Wazobia Investment provides a Worldwide coverage, multiple payment options, instant confirmation tools and very active support are accompanied by time-proven platform stability that guarantees safety of assets and data. Wazobi aInvestment is based on a peer to peer investment basis funded with naira and bitcoin.”

They also claim:

“You will get profit of 50% ROI in 3 days on your first Investment and subsequently get 50% in 7 days!”

Our interest was piqued because scams and ponzi schemes typically promise high returns on investment with little or no risk.

In addition, below are other factors we noticed that pointed to this platform as a con:

  • There was no physical contact address on their website.
  • There was no information on the owner(s) or founder(s).
  • There was no notice of being regulated by the Securities and Exchange Commission.

Taking a deep dive, we decided to check the claims made on their About Page. They claimed the platform has been existing since 2017 and upon pulling up the domain record we noticed the domain was opened two months ago.

So, how could they have been in operation since 2017 if their domain is barely two months old? Obviously, that is not possible but the mention of 2017 seemed like something that needed a further examination, so we dug around and sure enough we found a ponzi site [winnerswealth.com.ng] almost exactly like the one above. If you look closely, you’ll notice the same bootstrap framework was used to build both sites and they have the same site logo.

winnerswealth.com.ng
wazobialife.cash

The earliest record on the internet for [winnerswealth.com.ng] shows activity on the domain from June 20, 2017. To show that the number of people claimed to be on the platforms is bogus, one only needs to ask how a platform being run since 2017 has 165,000 people while another opened barely two months ago has 1,400,000?

Digging deeper, we found 10 other domains connected to two already mentioned. They are:

  • kuditrade.com
  • nairabolt.com.ng
  • wazobia.website
  • wazobiagold.cash
  • wazobiaking.cash
  • wazobiastar.cash
  • wazobiaway.cash
  • wazobiaweb.cash
  • wazobianet.cash
  • wazobia.cash

You have to wonder why a “legitimate” platform needs to have so many domains. Going back to [winnerswealth.com.ng], we can clearly see that the platform is a ponzi scheme as it states:

“Once you Register, Join a package or choose a sponsor, wait for 1mins, the system will automatically assigned you to pay a sponsor (YOUR UPLINE) pay Him/Her NGN7,000 and you will be set to recieve NGN7,000 payment from 4 persons under you (NGN28,000).”

7,000×4=28,000

This is a typical ponzi scheme as no product is being sold and we can be sure that if anyone was actually paid it was from the money of recent investors. It gets worse with Wazobia Investment, as there are claims that investors are mandated to reinvest the initial amount they put into the scheme before they can withdraw their profit.

From the foregoing, we advise that you do not put your money into this scheme because like all ponzi schemes it is sure to collapse and victims will lose their funds.

Ten Malware Myths That Refuse To Die

Every day, the AV-TEST Institute registers over 350,000 new malware and potentially unwanted applications. Malware, an appellate for malicious software is the favorite tool of hackers and cybercriminals. Stories abound of individuals who have lost copious sums or data due to malware attacks.

But why are malware attacks so pervasive and successful? One could argue that it is due to the ingenuity of the attackers, but one has to wonder how much of that ingenuity is bolstered by the attitude of the user. London-based consultancy Willis Towers Watson maintains that 90% of all cyber claims stemmed from some type of human error or behavior. Given the statistics, we can be sure at least some of these human errors are due in part to false beliefs. So how do we determine these false beliefs? If only there was some survey or study that could aid us in this regard.

Enter Cybersecurity firm G Data, they conducted a large scale survey to determine how well internet users understood the dangers online. The following ten myths are drawn from the results of that survey. So let’s dive in and investigate the ten most pervasive myths about malware that could leave you in a lot of hot water.

Myth 1 – If I don’t notice anything suspicious my device is not infected
Apart from Ransomware that loves to make a splash, the longer malware can go undetected, the more useful it can be to a criminal who can continue to use it. An example is a Zombie (botnet) – such a device can send spam, assist in espionage, or participate in a DDoS attack.

Myth 2 – Free antivirus is adequate
Earlier this year news started making the rounds of a free antivirus that was selling its users browsing data. Aside from having your data sold to marketers, the main issue with free antivirus is that they measure up to their paid counterparts. Take a moment and consider this, most free antivirus has a paid counterpart. Why would antivirus makers do this if the free version provided equally good protection? Surely there are differences between free and paid versions of antivirus products.

Myth 3 – Malware is mostly sent via email attachments
While email is still a very potent delivery method, social networking sites have become a favorite for cybercriminals. We’ve all witnessed WhatsApp chain messages with links to sites ready to serve malware. Also, malvertising is another option, this is where malicious code is incorporated into ads and now served on various advertising platforms.

Myth 4 – As long as I don’t download anything
Cybercriminals do not abide by the #GDPR, hence don’t expect them to ask for your permission before loading your device with malware. Visiting a compromised site is all it takes for your device to get infected (usually the malware program is very small) without you taking any other action. This method of delivering malware is known as drive-by-download

Myth 5 – It’s easier to get infected through Torrent sites.
Yes, malware authors love to pass off trojans as the current version of paid software and put them on P2P networks. Still, the infection rate is lower when compared to other methods such as drive-by- downloads.

Myth 6 – I am safe because I don’t visit adult sites
It’s estimated that 28,000 internet users view pornographic material every second, hence it’s a no-brainer that malware authors use sites hosting erotic content to spread malware. But the fact remains that safety depends on the competency of a site’s administrator(s) and the sophistication of the attackers rather than on the nature of a site. Any site can be a potential vector for the spread of malware.

Myth 7 – If I don’t open an infected file I am safe
Yeah, back in the good old days! These days user interaction isn’t always required as it has become possible to write malware that both the download and execution go unnoticed.

Myth 8 – Most malware infections are through USB flash drives
Yes, USB flash drives are a serious concern. There seems to be an almost universal need to plug in a lost but found USB flash drive with the words “confidential” pasted on it. But these days security solutions exist which can prevent the contents of USB-connected devices from automatically executing making them less of a concern. Also, when compared to other means like drive-by-downloads, the risk of infection is low.

Myth 9 – I only visit safe sites, so I don’t need security solutions
Ever heard of a watering hole attack? This is where attackers compromise a group of end-users by infecting websites that members of the group are known to visit. That supposedly safe website you love to visit then becomes your waterloo.

Myth 10 – I have nothing of value, so I am not a target
Yeah right! Think of data you have, email addresses, phone numbers, social media accounts, banking details. Anyone one of these is a valuable goldmine for cybercriminals. Even your device alone is useful as it can be recruited to be part of a botnet for hire.

So there you have it, ten popular malware myths. Hopefully, we’ve been able to dissuade your mind if you’ve believed any of the myths above. A final word, always keep your systems updated, use multi-factor authentication, and back up critical data.