London Blue: 50,000 execs are on the hit list of this phishing scam group

• London Blue is primarily based in Nigeria but it has extended its operations, with potential members or co-conspirators in the UK, the US, and Western Europe.
• BEC scams, like the ones perpetrated by the London Blue group, is estimated to cost organizations around $12 billion, according to the FBI.

A group of scammers, dubbed London Blue, managed to create a target list of 50,000 executives, including CFOs and other finance executives, which they planned to use to launch BEC scams.

This list was discovered during an investigation by the security company Agari after they were targeted by one of the scams operated by the cybercriminal group. Agari has since published a report detailing the group’s malicious activities.

Who are the London Blue?

The cybercrime gang London Blue seems to specifically target victims with Business Email Compromise (BEC) scams. The main motive of such a scam is to get an employee from a targeted company, preferably one in a finance role, to send funds to them. The scammers use lures that pose as legitimate, usually appearing as an internal fund transfer request. Once the scammers receive the funds, they are quick to move or withdraw the funds and make their escape before being discovered.

Several major security breaches in recent times began with a phishing email. In this case, the scammers also sent out phishing emails, albeit without any malware attached to them. This tactic makes phishing emails and the scam in general, harder to detect using traditional security checks.

If the scam works, it results in a big payday for the scammers and has severe effects on the target company. It is difficult for law enforcement agencies to tackle these attacks. The FBI estimates a loss of around $12 billion from such scams.

Experts believe that London Blue operates like a modern corporation. Its members carry out specialized functions including business intelligence, sales management, email marketing, sales, financial operations, and human resources.

Key findings from the investigation

• A list of over 50,000 corporate officials was identified, which was generated during a five-month period in early 2018 and used to prepare for future BEC phishing campaigns.
• 71 percent of the executives that made this list were CFOs, 2 percent were executive assistants, and the remainder were other finance leaders.
• Targets included companies in a very broad range of sectors, from small businesses to the largest multinational corporations.
• Several of the world’s biggest banks’ executives also made the list.
• London Blue also singled out mortgage companies for special attention, which would enable scammers that steal real estate purchases or lease payments.
• Over half of the 50,000 potential victim profiles in the list were located in the US. Other countries targeted included Spain, UK, Finland, the Netherlands, and Mexico.
• In total, potential targets in 82 different countries were identified in London Blue’s target repository.

Agari pointed out that London Blue is primarily based in Nigeria but it has extended its operations, with potential members or co-conspirators in the UK, the US, and Western Europe.