Researchers at Dell SecureWorks intervened on a "CEO" scam and worked some magic to reveal the whereabouts and identity of a Nigerian scammer.

The "CEO" scam is an email scheme to trick employees into transferring funds to the hackers bank account. However, victims can fight back by replying to the email in order to gain information about the scammer.

SecureWorks pretended to comply, which caused the scammer to turn greedy. “He started asking for $18,000,” said James Bettke, a SecureWorks researcher. “And then after that, he said, ‘Oh that’s a typo. It’s a $118,000.’”

SecureWorks decided to play along and sent the scammer a PDF receipt which in reality was a bit of malware that would reveal the scammers IP address and other web browser information. They found that the scammer was located in Lagos, Nigeria and was viewing the receipt on an iPhone.

SecureWorks then sent the scammer an email stating that the transfer failed which prompted the scammer to give them another bank account. With that information, SecureWorks contacted the banks and informed them that the bank account was being used for fraud, which got the bank to close the account.

SecureWorks then sent another "receipt" to the scammer which this time required the scammer to enter a legitimate mobile phone number to view the form. They then used Facebook to find that the entered phone number was tied to a user named “Seun.”

“We know who he is,” Stewart said. “We could report him to the EFCC (The Economic and Financial Crimes Commission in Nigeria). But he didn’t get away with any money.”

Source: Network World