A group of online scammers has generated a list of 50,000 executives including CFOs and other finance chiefs to use as targets for their schemes.
The list was discovered by security company Agari after the scammers unwisely targeted the company with one of their scams, prompting the company to investigate further.
The group -- which Agari is calling London Blue -- seems to specialise in business email compromise (BEC) scams. While there are many variations, the basic aim is to trick someone within an organisation -- usually working in finance -- into sending funds to a bank account controlled by the crooks, believing that the transfer was requested by someone senior inside their own organisation. Long before the mistake is discovered, the funds have been moved or withdrawn.
The phishing emails sent by groups like this typically contain no malware, making them much harder for standard automated security measures to spot; many major security breaches now start with a phishing email. Also known as CEO fraud, these scams can be extremely lucrative for the crooks, devastating for the company hit, and very hard for police to tackle. The FBI puts the cost of these scams at somewhere around $12bn.
Agari's analysis shows how sophisticated these groups are becoming.
"London Blue operates like a modern corporation. Its members carry out specialized functions including business intelligence (lead generation), sales management (assignment of leads), email marketing (semi-customized BEC attack emails), sales (the con itself, conducted with individual attention to the victim), financial operations (receiving, moving and extracting the funds), and human resources (recruiting and managing money mules)," the company said.
The security company said it came across the list of execs as part of its research. The scammers had generated the list in early 2018 to be used in future BEC phishing campaigns. Of the names on the list, 71 percent were CFOs, two percent were executive assistants, and the remainder were other finance leaders. Several of the world's biggest banks each had dozens of executives listed, the company said.
The group also singled out mortgage companies for special attention, which would enable scams that steal real estate purchase or lease payments. Over half of the 50,000 potential victim profiles that London Blue compiled in its targeting database were located in the US; other countries commonly targeted included Spain, the United Kingdom, Finland, the Netherlands and Mexico.
"In our analysis of London Blue, we identified the working methods of a group that has taken the basic technique of spear-phishing -- using specific knowledge about a target's relationships to send a fraudulent email -- and turned it into massive BEC campaigns," the company said. It said the group was likely based in Nigeria but also had members elsewhere including the US and UK.