Russian cyber criminals, attracted by the profits in Business Email Compromise (BEC) attacks, are pursuing a fake merger-and-acquisition scheme.
Dubbed Cosmic Lynx, the group targets employees, largely at the VP level. These individuals account for 40% of all fraud losses each year. The gang also impersonates outside legal counsel, in a brazen two-pronged scheme, Agari reports.
The external attorney “facilitates” the purported transaction. Any funds stolen are moved through money mule accounts in Hong Kong, and secondary accounts located in Hungary, Portugal, and Romania, although not in the U.S., Agari says.
One recent attempt consisted of a $2.7 million transfer request. In contrast, the average BEC scam attempts $55,000.
According to Agari, email fraud originated in West Africa over 30 years ago, and 90% of BEC scams still come from the region.
Russian and Eastern European gangs have traditionally pursued technology-based malware attacks, but recently have been attracted by the profits in BEC schemes. This is the first group to emerge from the area.
“Cosmic Lynx represents the future of organized crime rings that are shifting focus to socially engineered email fraud," states Armen L. Najarian, CMO and chief identity officer for Agari.
Najarian adds: "The more favorable economics of socially engineered schemes targeting enterprise victims have driven groups like Cosmic Lynx to defocus on the more costly and less lucrative ransomware fraud."