A group of scammers, dubbed London Blue, managed to create a target list of 50,000 executives, including CFOs and other finance executives, which they planned to use to launch BEC scams.
This list was discovered during an investigation by the security company Agari after they were targeted by one of the scams operated by the cybercriminal group. Agari has since published a report detailing the group’s malicious activities.
The cybercrime gang London Blue seems to specifically target victims with Business Email Compromise (BEC) scams. The main aim of such a scam is to get an employee of a targeted company, preferably one in a finance role, to send funds to the scammers. The scammers use lures that pose as legitimate messages, usually appearing as an internal fund transfer request. Once the scammers receive the funds, they quickly move or withdraw them and make their escape before being discovered.
Several major security breaches in recent times began with a phishing email. In this case, the scammers also sent out phishing emails, albeit without any malware attached to them. This tactic makes the phishing emails, and the scam in general, harder to detect using traditional security checks.
If the scam works, it results in a big payday for the scammers and has severe effects on the target company. It is difficult for law enforcement agencies to tackle these attacks. The FBI estimates a loss of around $12 billion from such scams.
Experts believe that London Blue operates like a modern corporation. Its members carry out specialized functions including business intelligence, sales management, email marketing, sales, financial operations, and human resources.
Agari pointed out that London Blue is primarily based in Nigeria, but it has extended its operations, with potential members or co-conspirators in the UK, the US, and Western Europe.