loader gif

London Blue group’s Business Email Compromise (BEC) scams target Asia

London Blue group’s Business Email Compromise (BEC) scams target Asia
  • London Blue scammers were spotted running BEC scams against employees in Asia who are working for companies in the US, Australia, or Europe.
  • London Blue scammers are spoofing the email address of the target company’s CEO in order to add more authenticity to their scam emails.

What is the issue - London Blue scammers were spotted running BEC scams against employees in Asia who are working for companies in the US, Australia, or Europe.

Worth noting - London Blue scammers are spoofing the email address of the target company’s CEO in order to add more authenticity to their scam emails.

The big picture

These scammers rely on a new target database of nearly 8,500 financial executives from almost 7,800 different companies across the world.

  • In February 2019, London Blue scammers launched BEC campaigns against Hong Kong and Singapore.
  • In March 2019, these scammers targeted victims in Malaysia.
  • The group’s primary target is the US (39%), followed by Hong Kong (11%), Australia (10%), Singapore (9%), Malaysia (7%), the UK (6%), Ireland (5%), and other European countries.

London Blue scammers target Agari CFO

In January 2019, London Blue scammers attempted to target Agari CFO, Raymond Lim for the second time. Agari team tracked London Blue scammers’ activities right from the time they collected information and sent a test email to Lim. However, Agari Advanced Threat Protection blocked the test email before it reached Lim's inbox.

“Unsurprisingly, most of the companies we have observed London Blue target using spoofing techniques do not have a DMARC record established. The few targeted companies that do have DMARC records set up only have their policies set to p=none, which only sends failure reports to a specified email address and does nothing to prevent a spoofed email from reaching its intended target,” the Agari researchers wrote.

loader gif