Categories: SecurityWorkspace

‘London Blue’ Fraud Group Targets Financial Services Industry

A hacking group called “London Blue” has gathered a list of some 35,000 chief financial officers,  some of whom work for the world’s largest financial services firms, as part of an aggressive string of “business email compromise” (BEC) attack campaigns.

The scam, which involves rushing a chief financial officer into making a large transfer to an unknown account, has cost more than 78,000 companies more than $12 billion (£9bn) over the past three years, the FBI said in July.

The “London Blue” group, based in Nigeria and the UK, with supporters in other countries, is one of the largest best-organised known to date, according to security firm Agari.

Agari determined that the group had compiled a list of a total of 50,000 targets, with 71 percent being chief financial officers and the rest senior members of finance teams, including finance directors, controllers and members of accounting.

Financial services targeted

Most targets are in the US, with the UK, Spain, Finland and Egypt amongst the other countries targeted.

The group is mainly targeting mortgage companies in order to steal real estate purchase funds or lease payments, but the target list also includes executives at the world’s largest banks.

The attacks involved use social engineering techniques and as such tend to slip past technical countermeasures, Agari said.

The group has taken the basic techniques of targeted scams, known as spear phishing attacks, relying on detailed knowledge about a target’s relationships to send a fraudulent email, and “turned it into massive BEC campaigns”, Agari said in a report.

The study was launched to coincide with Black Hat Europe, taking place in London this week.

“Each attack email requesting a money transfer is customised to appear to be an order from a senior executive of the company,” the report said.

It found that London Blue has greatly reduced the amount of time-consuming research that normally goes into a targeted scam by using commercial lead-generation services and gather the necessary data for thousands of targets at a time.

Corporate structure

Such commercial firms supply data such as names, company, titles, work email and personal email addresses.

The group is well-organised in other ways as well, operating like a modern corporation, with specialised staff for business intelligence, financial operations, human resources, sales management, email marketing and sales.

Members first generate leads for potential targets before carrying out reconnaissance to gather additional information such as email addresses or names.

Agari first encountered London Blue when the group targeted Agari’s own chief financial officer, in a scam email supposedly sent by the company’s chief executive.

The group has 17 possible collaborators in Western Europe and the US, Agari found.

Its techniques give it “the attack volume of a mass spam campaign, but with the target-specific customisation of spear-phishing attacks”.

After financial services, the group targeted the construction, real estate and healthcare industries.

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

2 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

2 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

2 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

3 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

3 days ago