Meta Platforms on Wednesday said it took steps to remove around 63,000 Instagram accounts in Nigeria that were found to target people with financial sextortion scams.
“These included a smaller coordinated network of around 2,500 accounts that we were able to link to a group of around 20 individuals,” the company said. “They targeted primarily adult men in the U.S. and used fake accounts to mask their identities.”
In cases where some of these accounts attempted to target minors, Meta said it reported them to the National Center for Missing and Exploited Children (NCMEC).
Separately, Meta said it also removed 7,200 assets, including 1,300 Facebook accounts, 200 Facebook Pages and 5,700 Facebook Groups, based in Nigeria that were used to organize, recruit and train new scammers.
“Their efforts included offering to sell scripts and guides to use when scamming people, and sharing links to collections of photos to use when populating fake accounts,” it said.
Meta attributed the second cluster to a cybercrime group tracked as Yahoo Boys, which came under the radar earlier this year for orchestrating financial sextortion attacks targeting teenagers from Australia, Canada, and the U.S.
A subsequent report from Bloomberg exposed sextortion-fueled suicides, revealing how scammers are posing as teenage girls on Instagram and Snapchat to lure targets and entice them into sending explicit photos, which are then used to blackmail victims in exchange for money or risk getting their images forwarded to their friends.
Back in April, the social media giant said it has devised new methods to identify accounts that are potentially engaging in sextortion, and that it’s enacting measures to prevent these accounts from finding and interacting with teens.
“Financial sextortion is a horrific crime that can have devastating consequences,” Meta said. “This is an adversarial space where criminals evolve to evade our ever-improving defenses.”
Meta’s actions come as INTERPOL said it conducted a global law enforcement operation referred to as Jackal III that targeted West African organized crime groups such as Black Axe, leading to scores of arrests and the seizure of $3 million in illegal assets, including cryptocurrencies and luxury items.
The effort, which took place between April 10 and July 3, 2024, spanned 21 countries and was orchestrated with an aim to dismantle transnational organized crime syndicates involved in cyber fraud, human trafficking, drug smuggling, and violent crimes both within Africa and globally.
“The annual operation resulted in some 300 arrests, the identification of over 400 additional suspects, and the blocking of more than 720 bank accounts,” INTERPOL said in a press statement.
The development also follows a wave of other law enforcement actions designed to tackle cybercrime –
- Vyacheslav Igorevich Penchukov (aka father and tank), who pleaded guilty at the start of the year for his role in the Zeus and IcedID malware operations was sentenced by a U.S. court to nine years in prison and three years of supervised release. He was also ordered to pay $73 million in restitution.
- The Ukrainian Cyber Police announced the arrest of two people in connection with financial theft attacks targeting “leading industrial enterprises” in the country, leading to losses amounting to $145,000 (six million hryvnias). If found guilty, they face up to 12 years in prison.
- Spain’s La Guardia Civil arrested three suspected members of NoName057(16), prompting the pro-Russian hacktivist group to declare a “holy war” on the country. The individuals have been accused of participating in “denial-of-service cyber attacks against public institutions and strategic sectors of Spain and other NATO countries.” The group called the arrests a “witch hunt” by Russophobic authorities.
- The U.K. National Crime Agency (NCA) said it infiltrated and took down digitalstress[.]su, a DDoS-for-hire (aka booter) service linked to “tens of thousands of attacks every week” globally. The site’s suspected owner, who goes by the name Skiop, has also been arrested. The takedown, part of an ongoing coordinated effort dubbed Operation PowerOFF, came after German police disrupted the Stresser.tech DDoS attack service in April 2024.