Top CFOs are being targeted by a sophisticated email scam

A group of hackers based in Nigeria is trying to trick thousands of top executives across the globe into sen...

Posted: Dec 4, 2018 3:50 PM
Updated: Dec 4, 2018 3:51 PM

A group of hackers based in Nigeria is trying to trick thousands of top executives across the globe into sending them company funds.

The ambitious scheme that mainly targets chief financial officers via email is described in a new report by cybersecurity firm Agari, which investigated the group after coming under attack itself.

Business operations

Business, economy and trade

Company activities and management

Corporate finance

Continents and regions

Digital security

England

Europe

London

Northern Europe

Technology

United Kingdom

Crime, law enforcement and corrections

Criminal offenses

Fraud and financial crimes

Wire fraud

"Targets included companies in a very broad range of sectors, from small businesses to the largest multinational corporations," the report warns. More than half of them are in the United States.

The attackers are carrying out an increasingly common scam known as "business email compromise" in which they attempt to pose as a company insider, such as the CEO, requesting a money transfer to an outside account.

The FBI estimates that businesses around the world lost more than $12 billion through this kind of email scam between October 2013 and May 2018.

Agari said that the Nigerian group, which it calls "London Blue," has developed a highly sophisticated operation to dupe money out of finance executives.

"London Blue operates like a modern corporation," the report says. The group has people working on business intelligence, sales, email marketing, financial operations and human resources, according to Agari.

It carries out attacks in multiple languages and has at least 17 collaborators in the United States, United Kingdom and other Western European countries who are mainly involved in moving stolen money, Agari added.

50,000 finance execs on the target list

The email security firm said that during its investigation, it got hold of a list of the group's potential targets this year that contained more than 50,000 finance executives, of which 71% were CFOs.

Agari declined to reveal how it secured the data, other than saying it had actively engaged with the scammers. It said it had shared the info with US and UK law enforcement.

"Several of the world's biggest banks each had dozens of executives listed," it said. "The group also singled out mortgage companies for special attention, which would enable scams that steal real estate purchases or lease payments."

As well as the United States, companies in more than 80 other countries were on the list, including Spain, the United Kingdom, Finland, the Netherlands and Mexico.

Agari said it became aware of London Blue after the group tried to trick the security firm's own CFO in August. Agari said it "then engaged actively with the attacker, giving us an initial glimpse of the gang that we would widen into a penetrating X-ray."

London Blue relies on commercial data providers, most recently one based in San Francisco, to build up its list of targets and gather information about them, according to the report. That includes executives' names, company titles, work email addresses and personal email addresses.

The list of more than 300 potential targets on which Agari's CFO appeared was obtained by London Blue from a commercial data provider in November 2017.

The list also contained information about "CFO victims at one of the world's top private universities, a major enterprise data storage company, a famed guitar maker, casinos and hotels, a retirement home, and small and medium-sized businesses of all types," the report says.

Agari estimated that the scam has caused damage worth hundreds of thousands of dollars.

West Lafayette
Clear
78° wxIcon
Hi: 80° Lo: 53°
Feels Like: 79°
Kokomo
Clear
75° wxIcon
Hi: 78° Lo: 51°
Feels Like: 75°
Rensselaer
Clear
72° wxIcon
Hi: 79° Lo: 50°
Feels Like: 72°
Fowler
Clear
72° wxIcon
Hi: 78° Lo: 52°
Feels Like: 72°
Williamsport
Clear
73° wxIcon
Hi: 77° Lo: 51°
Feels Like: 73°
Crawfordsville
Clear
71° wxIcon
Hi: 78° Lo: 53°
Feels Like: 71°
Frankfort
Overcast
75° wxIcon
Hi: 79° Lo: 51°
Feels Like: 75°
Delphi
Clear
74° wxIcon
Hi: 80° Lo: 51°
Feels Like: 74°
Monticello
Clear
74° wxIcon
Hi: 81° Lo: 51°
Feels Like: 74°
Logansport
Clear
72° wxIcon
Hi: 78° Lo: 50°
Feels Like: 72°
Very Warm, Then Rainfall Potential, Followed by Much Cooler Weather
WLFI Radar
WLFI Temps
WLFI Planner

Indiana Coronavirus Cases

Data is updated nightly.

Confirmed Cases: 113337

Reported Deaths: 3530
CountyConfirmedDeaths
Marion20936761
Lake10334319
Elkhart6438109
St. Joseph6226103
Allen6060200
Hamilton4761109
Vanderburgh349430
Hendricks2681122
Monroe251236
Tippecanoe231213
Johnson2279123
Clark215756
Porter209046
Cass19339
Delaware189561
Vigo178524
Madison161075
LaPorte138239
Floyd132161
Howard129063
Warrick122336
Kosciusko120617
Bartholomew115357
Marshall99424
Dubois95918
Boone95646
Hancock91443
Grant89733
Noble89432
Henry78125
Wayne74714
Jackson7429
Morgan70638
Shelby66629
Daviess65428
Dearborn63928
LaGrange63211
Clinton59513
Harrison56424
Putnam53810
Lawrence50628
Montgomery50521
Knox5039
Gibson4894
White48214
DeKalb46311
Decatur45739
Miami4303
Greene41935
Fayette41813
Jasper3862
Steuben3747
Scott35910
Sullivan33112
Jennings31212
Posey3090
Franklin30325
Clay2985
Orange28624
Ripley2828
Carroll27113
Wabash2628
Washington2611
Whitley2556
Starke2537
Adams2523
Wells2503
Jefferson2443
Fulton2352
Huntington2223
Spencer2223
Tipton22022
Perry21513
Randolph2097
Jay1750
Newton17211
Owen1671
Martin1640
Rush1534
Pike1411
Vermillion1260
Fountain1202
Pulaski1151
Blackford1133
Brown1033
Crawford1030
Parke961
Benton880
Ohio777
Union770
Switzerland690
Warren391
Unassigned0225

COVID-19 Important links and resources

As the spread of COVID-19, or as it's more commonly known as the coronavirus continues, this page will serve as your one-stop for the resources you need to stay informed and to keep you and your family safe. CLICK HERE

Closings related to the prevention of the COVID-19 can be found on our Closings page.

Community Events