The discovery
of an alleged international ring of fraudsters started with a one-l in email. In April 2019,a company accountant
received an email that appeared to be from the chief executive officer.
“Joanna, can you mail out a check to a vendor today? Barbara,”the email said.
The mail had some hallmarks of a scam .But it also had a an unique attributes
that in trigged cyber security experts at the company’s email security provider
, Agari Data Inc. Using a fake email account posting as the company accountant,
Agarisent back a reply .
“Hi Barbara
, Yes ,of course . Please send me the
details for the payment,”the reply said .
Over the next
several months , Agari said it was able to unravel what’s known as a business
email compromise operation. Agari dubbed the group sending the email
Exaggerated Lion, and said its members were based in Nigeria, Ghana and Kenya.
Between April and august 2019,
Exaggerated
Lion targeted over 3000 people at nearly 2100 companies , all in the US .
Similar
email attacks are growing problem in the US, according to the latest FBI
report.
In its
simplest forms, a business email compromise operator will send an email posing
as the CEO to an accounts payable department with an urgent request to transfer
funds or fulfill a fake invoice.
In another
example, payroll representative will receive an email appearing to be from an
employee requesting to update their direct deposit information-often to a
prepaid card account .
Companies
often realize something is amiss only when its too late .
As the fake
relationship progresses, mules are asked to launder larger sums of money.
Once an
unsuspecting business parts with its cash, through a paper cheque or wire
transfer ,Exaggerated Lions’s mules have a variety of ways to get the money
back to them.
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.