• by Ray Schultz , June 5, 2019

Scattered Canary, a gang of scammers based in Nigeria, has used business email compromise attacks to file 13 fraudulent tax returns with the IRS, get approved for at least $65,000 in credit via 48 credit card applications with four U.S. financial institutions, submit 11 Social Security applications and apply for FEMA assistance, according to Agari’s Threat Actor Dossier published today.

The group grew from a one-man startup beginning around 2008 into a “scalable” operation with 35 individual criminal actors,

Each of the bad actors has a sphere of influence, ranging from recruiting money mules to providing infrastructure, Agari reports. 

The gang evolved from simple Craigslist scams into a wide variety of crimes.

“While Scattered Canary's primary attack vector is BEC, at any given time, it is also involved in a dozen other types of disparate scams,” states Crane Hassold, senior director of threat research at Agari.

Agari detected the group after a senior executive at the firm was impersonated in an email targeting its chief financial officer.

The group has used a feature in Gmail accounts of create numerous "dot variant" accounts, Agari says.

Losses from BEC scams almost doubled in 2018 to $1.3 billion, the FBI reports.

"If we are to take Scattered Canary as a microcosm for the organizations behind today's most malicious scams, it demonstrates that a more holistic approach, one based on threat actor identity rather than type of fraudulent activity, is needed to detect email fraud and protect businesses, Hassold concludes.