02/28/2019

Email Scammers Ditch Wire Transfers for iTunes Gift Cards

Hackers make a lot of money targeting businesses and institutions of all kinds

Criminal hackers make a lot of money targeting businesses and institutions of all kinds with phishing attacks that lead to compromised business email. While crooks may have an array of systems in place to launder the funds they steal, researchers have noticed that so-called business email compromise scammers are leaning more and more on the humble gift card.

At the RSA security conference in San Francisco next Tuesday, researchers from the email defense firm Agari will present detailed findings on a Nigerian scam group the company has dubbed Scarlet Widow. Agari researchers have monitored the group since 2017, and have tracked its prolific activity back to 2015. Scarlet Widow mostly focuses on targets based in the United States and the United Kingdom, dabbling in a number of types of fraud like tax scams, property rental cons, and especially romance scams. But over the past couple of years, the group has been perfecting its business email compromise efforts, known as BEC for short. The group has particularly targeted medium and large US nonprofits that are often equipped with less advanced defenses. Recent targets include the Boy Scouts of America, YMCA chapters, a midwestern Archdiocese of the Catholic Church, the West Coast chapter of the United Way, medical groups, antihunger organizations, and even a ballet foundation in Texas.

"With most BEC attacks, a vast majority of employees that receive them would know they're scams," says Crane Hassold, senior director of threat research at Agari who previously worked as a digital behavior analyst for the FBI. "But it only takes a very small number of successes to make it very profitable."

Please select this link to read the complete article from WIRED.