You would think that after decades of analyzing and fighting email spam, there'd be a fix by now for the internet's oldest hustle—the Nigerian Prince scam. There's generally more awareness that a West African noble demanding $1,000 in order to send you millions is a scam, but the underlying logic of these “pay a little, get a lot” schemes, also known as 419 fraud, still ensnares a ton of people. In fact, groups of fraudsters in Nigeria continue to make millions off of these classic cons. And they haven't just refined the techniques and expanded their targets—they've gained minor celebrity status for doing it.

On Thursday, the security firm Crowdstrike published detailed findings on Nigerian confraternities, cultish gangs that engage in various criminal activities and have steadily evolved email fraud into a reliable cash cow. The groups, like the notorious Black Axe syndicate, have mastered the creation of compelling and credible-looking fraud emails. Crowdstrike notes that the groups aren’t very regimented or technically sophisticated, but flexibility and camaraderie still allow them to develop powerful scams.

“These guys are more like a crew from the mafia back in the day,” says Adam Meyers, Crowdstrike's vice president of intelligence. “Once you’re in an organization and are initiated, then you have a new name that’s assigned to you. They’ve got their own music, their own language even. And there are pictures on social media where they’re flaunting what they’re doing. The whole idea is why invest hundreds of thousands of dollars to build your own malware when you can just convince someone to do something stupid?”

Yahoo Boys

Young Nigerian scammers have often been called “Yahoo Boys,” because many of their hustles used to target users on Yahoo services. And they've embraced this identity. In the rap song “Yahooze”—which has more than 3 million views on YouTube—Nigerian singer Olu Maintain glamorizes the lifestyle of email scammers.

'They spend months sifting through inboxes. They’re quiet and methodical.' James Bettke, Secureworks

Advanced Nigerian groups have lately increased the amounts they make off with in each attack by targeting not just individuals but small businesses. The FBI estimates that between October 2013 and December 2016 more than 40,000 "business email compromise" incidents worldwide resulted in $5.3 billion in losses. With so many many third parties, clients, languages, time zones, and web domains involved in daily business, it can be difficult for a company with limited resources to separate out suspicious activity from the expected chaos.

Nigerian scammers will send tailored phishing emails to a company to get someone to click a link and infect their computer with malware. From there, the attackers are in no hurry. They do reconnaissance for days or weeks, using key loggers and other surveillance tools to steal credentials to all sorts of accounts, figure out how a company works, and understand who handles purchasing and other transactions.

Eventually the scammers will settle on a tactic; they may impersonate someone within the company and attempt to initiate a payment, or they might pretend to be a company the victim contracts with and send the target an innocuous-looking invoice to pay. If they’ve gained enough control of a system, attackers will even set up email redirects, receive a legitimate invoice, doctor it to change the banking information to their own, and then allow the email to reach its intended recipient. And the scammers rely on this sort of man-in-the-middle email attack for all sorts of manipulations.

Even though the attackers generally use cheap commodity malware, the groups tend to remain inconspicuous on victim networks, and have shown a willingness to abandon ideas quickly if they’re not working. One technique called “domain tasting” involves registering domains that look legitimate, trying to send phishing emails from them, and then moving on to a new domain if the phishes aren’t working.