In some regions of the world, it is a fact that cybercriminal underground markets where criminals sell and/or buy products and services for committing cybercrime exist. But when the phrase “cybercriminal underground market” is uttered, Africa probably would not come to mind.

As early as 2012, Trend Micro predicted that we would see a cybercriminal underground market emerge from the region.1 What are cybercriminals up to in this part of the world, especially in West Africa? The arrest of the mastermind behind Limitless following the joint efforts of INTERPOL and the Nigerian Economic and Financial Crime Commission, aided by security vendors including Trend Micro, showed that the threat of cybercrime from West Africa is growing. To more clearly map the landscape, INTERPOL conducted a survey among its member countries in West Africa.*

The survey results, combined with Trend Micro research findings, revealed that West African cybercriminals are experts in committing crimes against individuals and businesses, aided by very clever social engineering tactics.

Two major types of cybercriminals reign in West Africa—so-called “Yahoo boys”2 and “next level cybercriminals.” Yahoo boys excel in committing simple types of fraud (advancefee,stranded-traveler and romance scams/fraud) under the supervision of ringleaders or masterminds. Next-level cybercriminals, meanwhile, are more experienced and prefer to pull off “long cons” (business email compromise [BEC] and tax scams/fraud) or crimes that require more time, resources, and effort. They use malware (keyloggers, remote access tools/Trojans [RATs], etc.) and other crime-enabling software (email-automation and phishing tools, crypters, etc.) that are easily obtainable from underground markets.