This phishing scam group built a list of 50,000 execs to target
A group of online scammers has generated a list of 50,000 of executives including CFOs and other finance chiefs to use as targets for their schemes.
The list was discovered by security company Agari after the scammers unwisely targeted the company with one of its scams, prompting the company to investigate further.
The group – which Agari is calling London Blue – seems to specialise in business email compromise (BEC) scams. While there are many variations, the basic aim is to trick someone within an organisation – usually working in finance – to send funds to a bank account controlled by the crooks, thinking that the transfer is a request from someone senior inside their own organisation. Long before the mistake is discovered the funds have been moved or withdrawn.
The phishing emails sent by groups like this typically contain no malware, making it much harder for them to be spotted by standard automated security measures; many major security breaches now start with a phishing email. Also known as CEO frauds these can be extremely lucrative for the crooks, devastating for the company hit, and very hard for police to tackle. The FBI puts the cost of these scams at somewhere around $12bn.
Agari’s analysis shows how sophisticated these groups are becoming.
“London Blue operates like a modern corporation. Its members carry out specialized functions including business intelligence (lead generation), sales management (assignment of leads), email marketing (semi-customized BEC attack emails), sales (the con itself, conducted with individual attention to the victim), financial operations (receiving, moving and extracting the funds), and human resources (recruiting and managing money mules),” the company said
The security company said it came across the list of execs as part of its research. The scammers had generated the list in early 2018 to be used in future BEC phishing campaigns. Of the names on the list, 71 percent were CFOs, two percent were executive assistants, and the remainder were other finance leaders. Several of the world’s biggest banks each had dozens of executives listed, the company said. The group also singled out mortgage companies for special attention, which would enable scams that steal real estate purchases or lease payments. Over half of the 50,000 potential victim profiles that London Blue compiled in their targeting database were located in the US; other countries commonly targeted included Spain, the United Kingdom, Finland, the Netherlands and Mexico.
“In our analysis of London Blue, we identified the working methods of a group that has taken the basic technique of spear-phishing–using specific knowledge about a target’s relationships to send a fraudulent email–and turned it into massive BEC campaigns,” the company said. It said the group was likely based in Nigeria but also had members elsewhere including the US and UK.
RECENT AND RELATED COVERAGE
Governments and nation states are now officially training for cyberwarfare: An inside lookEurope, Canada, USA, Australia, and others are now running training exercises to prepare for the outbreak of cyberwar. Locked Shields is the largest simulation and TechRepublic takes you inside.
Devastating attacks to public infrastructure ‘a matter of when’ in the USCybercriminals are focusing on public infrastructure to disrupt services and cause mayhem as new targets are emerging and expanding throughout the world.
Understanding the military buildup of offensive cyber weaponsOver the past few years, offensive cyberweapons have risen in prominence as a part of international military efforts. The full impact of these weapons remains to be seen, however.
Cybercrime Inc: How hacking gangs are modeling themselves on big businessOver the past few years, offensive cyberweapons have risen in prominence as a part of international military efforts. The full impact of these weapons remains to be seen, however.
READ MORE HERE