Hackers Target 35,000 CFOs for Phishing Scam

A Nigerian gang's "business email compromise" scam aimed at finance execs shows how cybercriminals are becoming more sophisticated.
Matthew HellerDecember 5, 2018
Hackers Target 35,000 CFOs for Phishing Scam

A group of Nigerian hackers included 35,000 CFOs in their list of targets for bogus requests to transfer money, highlighting the dangers of increasingly common “business email compromise” (BEC) scams.

Cyber threat detection firm Agari reported the group known as “London Blue” chose their targets from lists acquired from commercial data brokers, whose clients are usually marketers and sales teams.

Drive Business Strategy and Growth

Drive Business Strategy and Growth

Learn how NetSuite Financial Management allows you to quickly and easily model what-if scenarios and generate reports.

The London Blue list included a total of more than 50,000 finance executives, of whom 71% were chief financial officers. More than half of the executives were in the United States, with others in the United Kingdom, Spain, Finland, the Netherlands, and Mexico.

Agari estimated in its report that the scam has already caused hundreds of thousands of dollars in damage.

“This report demonstrates that cybercriminal groups continue to evolve and are using formal business strategies and structure to more effectively carry out their scams,” the firm said, noting London Blue’s use of “legitimate commercial sales prospecting tools.”

“The pure scale of the group’s target repository is evidence that BEC attacks are a threat to all businesses, regardless of size or location,” it added.

As CNN reports, BEC scammers “attempt to pose as a company insider, such as the CEO, requesting a money transfer to an outside account.” The FBI estimates businesses around the world lost more than $12 billion through such scams between October 2013 and May 2018.

Agari said London Blue had “taken the basic technique of spear-phishing — using specific knowledge about a target’s relationships to send a fraudulent email — and turned it into massive BEC campaigns,” with each email requesting a money transfer customized to appear to be an order from a senior executive of the company.

“It is pure social engineering,” Crane Hassold, senior director of threat research at Agari, told The Financial Times.

According to Hassold, the hackers have been successful in some cases, even convincing a bank’s loss prevention unit a transaction for more than $20,000 was valid.

Agari said London Blue tried to scam its own CFO and it “engaged actively with the attacker, giving us an initial glimpse of the gang that we would widen into a penetrating X-ray.”

Photo: Getty Images

Understanding Which ERP Modules Your Business Needs – And When