A newly found group named Lilac Wolverine has been associated with BEC gift card scams that resulted in the compromise of personal email accounts. The group is highly centralized in Nigeria, a place that is historically popular among BEC actors.
What’s the campaign?
As reported by Abnormal Security, Lilac Wolverine’s overall attack tactics are similar to Vendor Email Compromise (VEC) attacks, except that instead of targeting businesses the group goes after personal email accounts.
- Targeted email accounts are specially hosted on AOL, Yahoo, BellSouth, Verizon, and Rogers webmail services.
- Rather than sending messages directly from the compromised accounts, the group spoofs the contact details from the compromised accounts as a part of its infection chain process.
How does it work?
The unsolicited emails appear to ask for a favor asking target to purchase gift cards for a friend’s birthday from Amazon.
- Sometimes, these messages also include sensitive topics, such as the birthday of a fictional friend who has cancer or just lost loved ones to COVID-19, to manipulate the recipients into sharing the gift cards.
- Lilac Wolverine typically requests easily available cards that recipients are likely familiar with, including Amazon, Apple, and Google Play, at amounts ranging from $100 to $500 per request.
Stay safe
Gift card email scams still work as cyber criminals know how to exploit users' emotions. Therefore, be cautious of such unsolicited emails that carry an emotionally-charged plea to help someone who actually does not exist. Having good email security measures also helps block such emails from reaching inboxes.
Publisher
/https://cyware-ent.s3.amazonaws.com/image_bank/3fb0_shutterstock_2116737722.jpg)
/https://cyware-ent.s3.amazonaws.com/image_bank/54eb_shutterstock_505405996.jpg)
