Native English speakers are being recruited in their droves by criminals trying to make Business Email Compromise (BEC) more effective.
BEC schemes can be simple to execute and among the most potentially devastating for a business, alongside threats such as ransomware.
A BEC scam will usually start with a phishing email, tailored and customized depending on the victim. Social engineering and email address spoofing may also be used to make the message appear to originate from someone in the target company -- such as an executive, the CEO, or a member of an accounts team -- in order to fool an employee into making a payment to an account controlled by a criminal.
In some cases, these payments -- intended to pay an alleged invoice, for example -- can reach millions of dollars. In 2020, US companies alone lost roughly $1.8 billion to these forms of cyberattack.
Little technical knowledge is required to pull off a BEC scam. However, threat actors need to be able to communicate effectively in order to succeed in these endeavors -- and if they are not fluent in the language a target speaks, this can cause BEC attacks to ultimately fail.
Unfortunately, there are ways to plug this gap in expertise: recruit a native language speaker from the underground.
According to Intel 471, forums are now being used to seek out English speakers, in particular, to bring together teams able to manage both the technical aspects and social engineering elements of a BEC scam.
Over the course of 2021, threat actors have posted 'wanted' adverts on a popular Russian-speaking cybercriminal forum asking for native English speakers, who would be tasked with managing email communication that would not raise red flags with members of a high-level organization, as well as the negotiation aspect of a BEC operation.
If a scam is to succeed, the target employee must believe communication comes from a legitimate source -- and secondary language use, spelling mistakes, and grammatical issues could all be indicators that something isn't right, in the same way that run-of-the-mill spam often contains issues that alert recipients to attempted fraud.
"Actors like those we witnessed are searching for native English speakers since North American and European markets are the primary targets of such scams," the researchers say.
In addition, threat actors are trying to recruit launderers to clean up the proceeds from BEC schemes, which is often achieved through cryptocurrency mixer and tumbler platforms. One advert spotted by the team asked for a service able to launder up to $250,000.
"The BEC footprint on underground forums is not as large as other types of cybercrime, likely since many of the operational elements of BEC use targeted social engineering tactics and fraudulent domains, which do not typically require technical services or products that the underground offers," Intel 471 says. "[...] Criminals will use the underground for all types of schemes, as long as those forums remain a hotbed of skills that can make criminals money."