BEC Scam Gang London Blue Evolves Tactics, Targets


BEC Scam Gang London Blue Evolves Tactics, Targets (Apr 4, 2019)

The threat group “London Blue,” known primarily for conducting Business Email Compromise (BEC) attacks, has been running a new campaign since January 2019, according to Agari researchers. London Blue is a Nigerian group that has been active since at least 2011 and has members in the U.S., the U.K., and other places around the world; members not located in Nigeria are primarily involved in moving stolen funds to actor-controlled accounts. Agari researchers identified the new campaign via an email sent to the company’s Chief Financial Officer (CFO). The campaign comes in multiple parts. The initial email claims that a correspondent of the recipient forwarded the sender an email to let the sender know if anything else is needed. The follow-up email claims that the sender needs the recipient to assist in an acquisition and that a down payment of $86,000 USD via wire transfer is required to complete it. The email states that the acquisition has not yet been made public and therefore asks the recipient not to discuss it with anyone else in the office.

Recommendation: It is helpful for your business to use a company domain for email accounts, and maintain policies to educate employees on how to identify BEC attempts. Corporate email accounts should also employ two-factor authentication to add another layer of protection to email accounts that contain sensitive information.

Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.