chat
expand_more

The Nigerian Prince is Alive and Well: Cybercriminals Use Generative AI and New Themes to Run Their Scams

Scams about the Nigerian Prince that promise millions have been around for decades. But they are transitioning, now using ChatGPT and similar tools to seem more convincing.
September 14, 2023

The term “Nigerian Prince” has become nearly synonymous with the first email scams of the nineties. Mostly targeting individuals, these emails often came from allegedly wronged and robbed Nigerian nobility, who asked for financial assistance and promised millions in repayment as soon as they regained access to their wealth. Despite their absurdity and the huge sums of promised money, people fell for these scams by the thousands.

But as they became more popular and more people lost their life savings, awareness grew until they are now the subject of many popular memes. So surely no one is continuing to fall for these scams decades later, right?

Unfortunately, that doesn’t appear to be the case. Abnormal recently uncovered more than a thousand attacks targeting organizations using at least 70 unique email addresses. While it feels that these are old news, we can surmise that these attacks are still being sent because they work—people continue to fall for them at a rapid enough pace that they are still worth the effort put into them.

And making matters worse? Now they’re using generative AI to create them.

Greetings from Nigeria

These attacks rely on common social engineering tactics like urgency and human decency, preying on the empathy of the recipient and their willingness to help in an emergency. And they’re not simply sent to personal email addresses anymore. These attacks were all sent to business email addresses at organizations and appear to be entirely industry agnostic, targeting higher education, retail, healthcare, law firms, and more.

The emails identified by Abnormal all have the same subject line that simply says “GREETINGS” but are sent from multiple email addresses with multiple hooks. In this attack, the sender states that his mother was the former Minister of Petroleum from 2010-2015 under the Administration of President Goodluck Ebele Johnathan. He goes on to say that he has $250M he wants to invest in the firm. Obviously, the recipient will be “greatly rewarded” for their efforts.

Nigerian Prince1

The Evolution of the Scam: From Nigerian Royalty to Global Government

Unfortunately, it is no longer only Nigerian royalty that are being impersonated. There are a variety of other emails using the same “GREETINGS” subject line, impersonating individuals from the United Nations, Ukraine, the Ivory Coast, Switzerland, the Central African Republic, and even the United States.

Some of them remain closely related to the traditional scam, speaking of dead relatives with large inheritances. Though they do often mention countries other than Nigeria, like this one from the Central African Republic, much of the rest of the email is what we would expect.

Nigerian Prince2

That said, there has also been a shift in tactics. Whereas the traditional Nigerian Prince schemes spoke only of personal gain, some of these newer versions are related to business transactions, including this one from The Ministry of Defence of Ukraine. This attack asks the recipient to deposit $50M in exchange for 10% of the money, in a “100% risk free” business transaction. This is an evolution of the traditional 419 scam, now referencing business transactions rather than personal ones.

Nigerian Prince3

In approximately half of the emails detected by Abnormal, the theme focused on a business transaction rather than a personal one—a clear shift since these first appeared on the scene nearly three decades ago.

The Shift from Human Prince to Generative AI

Unfortunately, as the average person becomes more aware of these schemes, cybercriminals continue to find ways to outsmart them. Spelling mistakes and grammatical errors have long been characteristics of an attack, making them easy to spot even if they did land in the inbox. But with the rise of generative AI, this is no longer the case.

It’s clear that at least one threat actor is testing their luck with it, evidenced by these two attacks we’ve found. While they are using different sending addresses, they both have the “John Albert” display name and the same reply-to address. Additionally, they both mention the United Nations and the sum of $3.5M.

However, this first email is clearly human-generated with a number of syntax errors.

Nigerian Prince4

In contrast, this second email is likely entirely AI-generated, with zero errors or inconsistencies. As a result, employees may be less able to tell that this is an attack, making it more likely that they will respond should it land in the inbox.

Nigerian Prince5
Nigerian Prince6

One interesting point to note is that the human-generated email was sent four days after the AI-generated email. Perhaps this is an indication that cybercriminals are still testing out the technology to determine how useful it may be for their work.

Protecting Your Organization from Nigerian Princes and AI Bots

Most everyone now knows not to respond to an email from Nigerian royalty and threat actors clearly know this. As a result, they are refining their scams, using similar tactics but different themes to target personal and business accounts alike. And with the rise of generative AI, we’re likely to see even more convincing emails sent from these threat actors. In fact, in our recent survey of 300 cybersecurity stakeholders, 80% said they suspect their organization has been targeted by AI-generated email attacks.

As these examples show, the Nigerian Prince scam is far from over and is instead rapidly evolving. As a result, organizations must be prepared to stop them before they reach the inbox. Because they are entirely text-based and often use free webmail domains, traditional security solutions may not stop these attacks. In contrast, modern solutions like Abnormal use AI to understand the signals of known good behavior, creating a baseline for each user and each organization and using natural language processing to understand when an email contains high-dollar figures.

Unfortunately, we can’t rely on humans not to fall for these schemes, as the millions lost to them each year can attest. As attackers shift from personal emails to business ones, you need a solution that can block them before they reach inboxes. Abnormal can detect email attacks that bypass other solutions—whether they’re written by a real Nigerian Prince, your typical attacker, or generative AI.

To discover more about how Abnormal detects these attacks, request a demo today.

Schedule a Demo
The Nigerian Prince is Alive and Well: Cybercriminals Use Generative AI and New Themes to Run Their Scams

See Abnormal in Action

Get a Demo

Get the Latest Email Security Insights

Subscribe to our newsletter to receive updates on the latest attacks and new trends in the email threat landscape.

Get AI Protection for Your Human Interactions

Protect your organization from socially-engineered email attacks that target human behavior.
Request a Demo
Request a Demo

Related Posts

B SOC Prod
Learn how AI-driven automation boosts SOC productivity by reducing false positives, addressing skills gaps, and enhancing threat detection. Discover strategies to future-proof your SOC and strengthen cybersecurity defenses.
Read More
B Proofpoint Customer Story F500 Insurance Provider
A Fortune 500 insurance provider blocked 6,454 missed attacks and saved 341 SOC hours per month by adding Abnormal to address gaps left by Proofpoint.
Read More
B Malicious AI Platforms Blog
What happened to WormGPT? Discover how AI tools like WormGPT changed cybercrime, why they vanished, and what cybercriminals are using now.
Read More
B MKT748 Open Graph Images for Cyber Savvy 7
Explore insights from Brian Markham, CISO at EAB, as he discusses cybersecurity challenges, building trust in education, adapting to AI threats, and his goals for the future. Learn how he and his team are working to make education smarter while prioritizing data security.
Read More
B Manufacturing Industry Attack Trends Blog
New data shows a surge in advanced email attacks on manufacturing organizations. Explore our research on this alarming trend.
Read More
B Dropbox Open Enrollment Attack Blog
Discover how Dropbox was exploited in a sophisticated phishing attack that leveraged AiTM tactics to steal credentials during the open enrollment period.
Read More