CFOs targeted in latest hacking spell


A new cybercriminal group, calling themselves the “London Blue” hackers, has revamped the business email compromise hack to target 35,000 chief financial officers across the world.

The scam, which is designed to send CFOs bogus emails requesting the quick transfer of money to an unknown account, is on the rise and its imminence has been forewarned by the FBI since July this year.

The hackers’ compiled list, which incorporates CFOs hailing from the globe’s largest banks and mortgage firms, was supposedly taken from two data brokers generating information for sales and marketing departments. It was found by cybersecurity and threat detection organisation Agari. The company located a catalogue of 50,000 potential officers, many of whom operated primarily in accounting departments.

A report compiled by researchers noted: “London Blue’s effectiveness depends on working with commercial data brokers to assemble lists of target victims around the world. Doing so gives it the attack volume of a mass spam campaign, but with the target-specific customisation of spear-phishing attacks.”

The FBI noted that such cons have cost companies US$12 billion since 2013 with the number of targets rising to 78,617 in the meantime. Information from Agari has been transferred to both British and American law enforcement agencies, on the premise that it would be easier to prosecute the hackers in both the jurisdictions should they be located in either of the countries.

Agari’s senior direct of threat research, Crane Hassold, noted that the hackers had been considerably successful in the past. In many instances, they had used a “money mule” to convince banks that a transaction greater than US$20,000 was legitimate, even subverting their loss-prevention teams in the process.

Hassold said: “It is pure social engineering. The reason it is on the rise is because it has been proven to work,” adding that the attack was more a psychological one than a technologically-advanced move.

Agari itself only came to know of the group when its own chief financial officer became the near-victim of the scam. The hackers supposedly posed as the CEO (a common trick known as “whaling”, when the criminals front as the company’s biggest fish) to sway the CFO into transferring money but were halted when they were further interrogated about the bank accounts in question and the transaction as a whole.

The cybersecurity firm has deduced that although the London Blue hackers are based in Nigeria, its operations run worldwide with at least 17 collaborators in different positions across globe, especially in western Europe and in the USA. Hassold commented that the group ran itself like a “modern corporation”, with individuals carrying out functions in lead generation, human resources and financial operations amongst others.

The most prominent targeted industry was financial services, closely followed by construction, real estate and healthcare. More than 50 per cent of the victims hailed from the US, with the rest coming from the UK, the Netherlands and Mexico.

About Lee Hazell

Lee Hazell is a cyber security consultant with a keen interest in anything tech or security related. Follow Lee on .

Leave a Reply

Your email address will not be published. Required fields are marked *