Things just got serious.

Business Email Compromise is no longer solely the province of chancers and opportunistic Nigerian actors such as the Yahoo Boys. Organised criminal gangs with a high level of professionalism have seen the opportunity and seized it.

Security researchers at Agari have published a report detailing their investigations into a Russian cybercrime gang they say have stolen millions of dollars from companies in 46 countries since mid-2019.

What makes the report particularly interesting is that the Cosmic Lynx gang is believed to have moved on from its tried-and-trusted techniques of using banking trojans and click fraud malware to generate income, and into highly professional Business Email Compromise (BEC) attacks.

The attacks specifically target senior executives at Fortune 500 or Global 2000 companies, with three quarters of those in Cosmic Lynx’s sights holding job titles such as General Manager, Managing Director or Vice President.

According to Agari’s investigation, an attack typically begins with the gang’s impersonation of a company’s CEO, asking a targeted employee to work with “external legal counsel” to co-ordinate payments required to close a fake corporate merger or acquisition. Of course, the scammers also require the targeted employee to keep details of the transaction strictly confidential because of their “sensitive nature.”

Cosmic Lynx’s professional approach to cybercrime means that its email communications are not riddled with grammatical errors or misspelled words which might ring alarm bells for a recipient. Instead, the emails are detailed and use vocabulary that wouldn’t look amiss from the typical Chief Executive Officer.

Some of the emails even open with a paragraph or two about the current COVID-19 pandemic in an attempt to build rapport with their intended victim, and disarm any suspicions.

Part of one email reads:

I hope this measure finds you safe, healthy and staying positive in the