Nigerian email scammers have extended their operation into the UK, and are using legitimate data providers to locate targets, according to a study by Agari.
The group, known in security circles as London Blue, is a multinational gang that runs business email compromise (BEC) scams, using the tools of legitimate enterprises.
“London Blue operates like a modern corporation,” Agari writes. “Its members carry out specialized functions including business intelligence (lead generation), sales management (assignment of leads), email marketing (semi-customized BEC attack emails), sales (the con itself, conducted with individual attention to the victim), financial operations (receiving, moving and extracting the funds), and human resources (recruiting and managing money mules).”
Perhaps most alarmingly, London Blue utilizes so-called commercial data brokers to create target email lists.
The group has assembled over 50,000 potential victim profiles, with half located in the United States. Overall, the prospects are located in 82 countries.
"What we're able to find is that this group is using legitimate sales leads services to identify potential targets in their campaigns,” said Craig Hassold, Agari’s senior director of research, during the Black Hat conference in London this week, according to the Register.
Hassold added: “They're using services that businesses all round the world use from a legit sales perspective to ID companies they might wanna offer their services to.”
The targets tend to be financial controllers, directors, senior managers and accountants, he continued.
Agari’s study notes that Nigeria has long been a hub for scam artists, and that the “Nigerian Prince” swindle predates the internet era, having its origin in a 16th-century Spanish prisoner scheme.
Now, having set up shop in the UK, the London Blue combine has taken “the basic technique of spear-phishing — using specific knowledge about a target’s relationships to send a fraudulent email — and turned it into massive BEC campaigns.”
The report continues: “Each attack email requesting a money transfer is customized to appear to be an order from a senior executive of the company. Conventional spear-phishing requires time-consuming research to gather the info needed for the attack to be successful — identifying individuals with access to move funds, learning how to contact them, and learning their organizational hierarchies.”
It adds that “commercial lead-generation services have allowed London Blue to short-cut gathering the necessary data for thousands of target victims at a time.”