BEC Crime Gang Lines Up 50,000 Global Execs

Researchers have uncovered what appears to be a major BEC crime gang which used commercial lead-gen services to identify 50,000 executives to target.

Dubbed 'London Blue' in a new report from Agari, the group is Nigerian in origin, with collaborators in the UK, US and Western Europe. It first came to light after making the mistake of targeting the security vendor’s own CFO.

“London Blue operates like a modern corporation. Its members carry out specialized functions including business intelligence (lead generation), sales management (assignment of leads), email marketing (semi-customized BEC attack emails), sales (the con itself, conducted with individual attention to the victim), financial operations (receiving, moving and extracting the funds), and human resources (recruiting and managing money mules),” the report explained.

“London Blue’s effectiveness depends on working with commercial data brokers to assemble lists of target victims around the world. Doing so gives it the attack volume of a mass spam campaign, but with the target-specific customization of spear-phishing attacks. By combining commercially available tools with criminal tactics, the attackers are able to deliver semi-customized attacks on companies of all sizes in countries located around the world.”

After compiling the list of 50,000 executives, 71% of whom are CFOs, members of the team then carry out additional research to fill in any missing details that will help personalize the scams.

Most targets were located in the US, with others in Spain, the UK, Finland, the Netherlands and Mexico.

Interestingly, the gang itself previously focused on credential phishing and Craigslist scams before being attracted by the potentially bigger pay-out associated with BEC.

According to the FBI, scammers have made over $12.5bn from BEC attacks since 2013.

Although these scams typically don't feature malware, and are therefore harder to spot with traditional tools, security controls can be implemented that spot spoofed domains and/or use machine learning to raise the alarm if an executive's writing style appears to change.
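One way a mail filter could implement the spoofed-domain check mentioned above is sketched below. This is an added example, not code from the article or the Agari report. The organisation domain, executive directory, distance threshold and both sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "acme.example"        # assumed: the defender's own mail domain
EXECUTIVES = {"dana whitfield"}    # assumed: names exported from the org directory

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance using a rolling row of the DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def domain_of(header_value) -> str:
    """Lower-cased domain of an address header, or '' if absent."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def bec_flags(raw: str) -> list[str]:
    """Return the header-level BEC indicators found in one raw message."""
    msg = message_from_string(raw)
    name = parseaddr(msg.get("From", ""))[0].strip().lower()
    from_dom = domain_of(msg.get("From"))
    reply_dom = domain_of(msg.get("Reply-To"))
    flags = []
    if from_dom != ORG_DOMAIN:
        if name in EXECUTIVES:  # internal executive's name on an outside address
            flags.append("executive display name on external address")
        if 0 < edit_distance(from_dom, ORG_DOMAIN) <= 2:  # near miss of our domain
            flags.append("lookalike of organisation domain")
    if reply_dom and reply_dom != from_dom:  # replies diverted elsewhere
        flags.append("Reply-To domain differs from From domain")
    return flags

# Constructed sample messages (not real traffic).
SPOOFED = ('From: "Dana Whitfield" <dana.whitfield@acrne.example>\n'
           "Reply-To: dana.whitfield@mailbox.test\n"
           "Subject: Urgent wire transfer\n\nAre you at your desk?\n")
LEGIT = ('From: "Dana Whitfield" <dana.whitfield@acme.example>\n'
         "Subject: Q3 forecast\n\nSee attached.\n")

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(label, bec_flags(raw))
```

Header checks like these complement sender authentication rather than replace it, because a registered lookalike domain can publish its own valid records.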
