In 2024, Kaspersky researchers detected over 414,000 ‘Nigerian’ email scams. These emails relied on messages that lured victims with enticing financial offers manipulating them into email exchanges which would ultimately be used to defraud them. The latest scams related to this method include romantic schemes requesting reimbursement for alleged travel expenses, fraudsters posing as wealthy individuals seeking business investments, and even scammers claiming to represent the Illuminati, a secret society dating back to the Enlightenment era.
‘Nigerian’ style scams are a type of advance fee scam in which fraudsters promise victims large sums of money, lucrative opportunities, or exclusive benefits but require an upfront payment — often disguised as processing fees, legal costs, or travel expenses — before ultimately disappearing with the money. The original ‘Nigerian’ scam emails were sent under the names of influential and wealthy individuals from Nigeria, which is how the scam got its name. Over time, the themes of these scam emails evolved, with cybercriminals exploiting current events and popular trends to capture their targets’ interest.
The iterations of advance fee scams discovered by Kaspersky in 2024 included both common scam examples (messages from allegedly unwell wealthy individuals) and unusual tactics. Some scams were sophisticated: for instance, they could include offers of romantic friendship: the victim and the scammer would meet online and chat, but when the victim was ready to meet in person, their “partner” would tell them they required financial help as they couldn’t afford the ticket or visa. In a different scenario, the scammer would say they wanted to send an expensive gift to their partner but then ask the victim to cover the shipping costs as they couldn’t afford the postage.
An unusual example was a scam email allegedly sent on behalf of the secret society of the Illuminati, claiming they were ready to share their wealth and power if the recipient agreed to become part of their grand brotherhood by replying to the email.
Another scam revealed by the Kaspersky team was an email claiming to be from a European lottery director, with the email body almost empty. The details about the “win” were in the attached PDF, which asked the user to send their name, address, phone number and even the job position to get the prize.
A lottery scam example with a blank email and an attached PDF with instructions on how to get the prize.
Some of the scam cases that have been discovered referenced recent or current real-world events, such as the COVID-19 pandemic or Saudi Arabia’s possible BRICS membership, claiming the recipients were entitled to receiving funds because of these developments. Scammers also took advantage of the 2024 U.S. Presidential election, claiming that recipients were lucky to win millions of dollars from the Donald J. Trump Foundation.
In other cases, to make their emails more convincing, scammers attached photos of documents to their emails that supposedly confirmed the sender’s identity.
A fundraising scam email example.
While advance fee scams are often targeted at individual users, a similar scam was found in the B2B sector. Cybercriminals claimed to be seeking businesses to invest in, and the recipient’s company could be their target. To arrange a “partnership”, they asked the recipient to reply to the email.
“The so-called ‘Nigerian’ scam has been around for years and remains one of the most versatile forms of online fraud. Scammers can impersonate real or fictitious figures — bankers, lawyers, business executives, or even high-ranking officials — crafting elaborate stories to manipulate their victims. These scams don’t rely on malicious links or attachments unlike some other types of email cyberattacks; instead, they use pure social engineering, engaging in prolonged conversations to build trust and legitimacy. What makes them particularly dangerous is their adaptability — fraudsters continuously refine their tactics, leveraging global events, trending news, and even personal tragedies to appear credible. In the future, we can expect these scams to become more sophisticated and possibly harder to detect. This underscores the need for heightened awareness and robust digital literacy to recognise and resist such manipulative tactics,” comments Anna Lazaricheva, spam analyst at Kaspersky.
To protect yourself, follow these recommendations:
- Always remember the dangers of tempting offers and to be critical of emails allegedly sent from influential individuals. It’s best to avoid responding to messages from unverified senders altogether.
- If for some reason you can’t avoid corresponding with a stranger, before responding, it’s worth double-checking the information in it, paying attention to inconsistencies, grammatical errors, etc. If the reply-to address is different from the sender’s address, or if you see a different address in the email body, this may be a sign of fraud.
- When a sender is legitimate, but the content of the message seems strange, it is worth checking with the sender via an alternative means of communication.
- Use a proven security solution when surfing the web. Thanks to access to international threat intelligence sources, these solutions are capable of spotting and blocking spam and scam campaigns.
