Meta Platforms said on Wednesday it had taken steps to remove approximately 63,000 Nigerian Instagram accounts it found were targeting people in financial sextortion scams.
“This included a smaller, coordinated network of approximately 2,500 accounts that we were able to link to a group of approximately 20 individuals,” the company said. “They primarily targeted adult males in the United States and used fake accounts to hide their identities.”
In cases where some of these accounts were attempting to target minors, Meta said it reported them to the National Center for Missing and Exploited Children (NCMEC).
Meta also announced that it had removed 7,200 assets, including 1,300 Nigeria-based Facebook accounts, 200 Facebook pages and 5,700 Facebook groups, that were being used to organize, recruit and train new fraudsters.
“Their activity included offering to sell scripts and guides to use in scamming people, as well as sharing links to photo collections to use in creating fake accounts,” the report said.
Meta attributed the second cluster to a cybercrime group tracked as the Yahoo Boys, which gained attention earlier this year for orchestrating financial sextortion attacks targeting teenagers in Australia, Canada and the United States.
Subsequent reports from Bloomberg exposed sextortion suicides, revealing that scammers are posing as teenage girls on Instagram and Snapchat to lure their targets and convince them to send explicit photos, which they then use to blackmail the victims in exchange for money or risk forwarding the photos to their friends.
In April, the social media giant announced it had come up with new ways to identify accounts that may be engaged in sextortion and was taking steps to prevent these accounts from finding and interacting with teenagers.
“Financially motivated sextortion is a horrific crime with potentially devastating consequences,” Mehta said. “It’s a hostile space where criminals evolve to evade our defenses.”
Meta’s actions come as Interpol announced it had conducted a global law enforcement operation called Jackal III targeting West African organized crime groups such as Black Axe, leading to numerous arrests and the seizure of $3 million worth of illicit assets, including cryptocurrency and luxury goods.
The initiative will run from April 10 to July 3, 2024, and span 21 countries, and is organized with the aim of dismantling transnational organized crime syndicates involved in cyber fraud, human trafficking, drug smuggling and violent crimes within Africa and around the world.
“This annual operation has resulted in almost 300 arrests, more than 400 new suspects being identified and over 720 bank accounts being frozen,” Interpol said in a press statement.
The move follows a wave of other law enforcement actions designed to tackle cybercrime.
- Vyacheslav Igorevich Penchukov (aka Father and Tank), who pleaded guilty earlier this year for his role in the Zeus and IcedID malware operations, was sentenced by a US court to nine years in prison and three years of probation. He was also ordered to pay $73 million in restitution.
- Ukrainian cyber police said they had arrested two men in connection with a financial theft attack that targeted a “major industrial company” in the country, causing losses of $145,000 (6 million hryvnias). If convicted, the men could face up to 12 years in prison.
- Spain’s La Guardia Civil arrested three suspected members of NoName057(16), a pro-Russian hacktivist group that declared a “holy war” against Spain. The arrested individuals allegedly took part in “denial-of-service cyber attacks against public institutions and strategic sectors in Spain and other NATO countries.” The group called the arrests a “witch hunt” by Russophobic authorities.
- The UK National Crime Agency (NCA) announced that it had infiltrated and taken down digitalstress(.)su, a DDoS-for-hire (aka booter) service responsible for “tens of thousands of attacks per week” worldwide. The site’s suspected owner, who goes by Skiop, was also arrested. The takedown was part of an ongoing coordinated effort dubbed Operation PowerOFF, and comes after German police disrupted the Stresser.tech DDoS attack service in April 2024.
