A gang of known scammers allegedly based in Nigeria is believed to be targeting schools in the K-12 sector along with the Boy Scouts and other nonprofit organizations around the world, according to a report published by Agari.
The group has been named "Scarlet Widow," and the most recent report reveals a new pattern of attacks targeting nonprofit organizations, K-12 school districts, and universities – using a directory scraping technique the Scarlet Widow gang calls 'bombing.' The group has also been identified as targeting single men and women with romance scams in early February.
Using email fraud attacks, Scarlet Widow appears to go after some of the more vulnerable organizations around the globe, including dozens of small-town schools and school districts in Indiana and Wisconsin. Attackers have also reportedly gone after US and UK-based nonprofits including Boy Scouts of America and the Salvation Army as well as universities in Florida, the UK, New Zealand and Australia, Agari found.
"When Scarlet Widow goes after nonprofits, the group primarily uses publicly accessible websites to scrape contact information for employees," wrote Crane Hassold, Agari's senior director of threat research, in a blog post announcing the report. "Working off a list of identified websites that contain directories of nonprofit organizations, Scarlet Widow uses a web scraper to traverse the online directory and collect email addresses associated with each organization – a process they refer to as 'bombing' an online directory."
The attackers leverage business email compromise tactics to target the organizations ranging from a chapter of the United Way, a Texas-based ballet foundation, a North Carolina physician, an Archdiocese of the Catholic Church in the Midwest, and several chapters of the YMCA. An investigation revealed that Scarlet Widow had collected information from more than 30,000 individuals at 13,000 organizations across 12 different countries.
The Scarlet Widow scammers have reportedly been using a peer-to-peer cryptocurrency exchange, Paxful, to convert fake gift cards into cryptocurrency. In investigating Scarlet Widow, Hassold noted researchers found that, "By first advertising the stolen cards on Paxful, the group can successfully turn them into bitcoin, which they can then trade on Remitano for a specified price. Once the Scarlet Widow actors have exchanged their bitcoin and the buyer’s funds are in their bank account, the process of converting illicit gift cards into cash is complete."