Business email compromise (BEC) schemes, like ransomware, can be simple to implement but have the potential to be extremely damaging to a company.
A BEC scam typically begins with a phishing email that is tailored and customized to the victim. To trick an employee into making a payment to an account controlled by a criminal, social engineering and email address spoofing can be used to make the message appear to come from someone in the target company — such as an executive, the CEO, or a member of the accounts team.
These payments, which are intended to pay an alleged invoice, for example, can amount to millions of dollars in some cases. In 2020, companies in the United States alone lost $1.8 billion due to cyberattacks. To pull off a BEC scam, little technical knowledge is required; however, threat actors must be able to communicate effectively in order to succeed in these endeavors — and if they are not fluent in the target’s native language, BEC attacks may fail.
Unfortunately, there is a way to fill this knowledge gap: hire a native language speaker from the underground.
According to Intel 471, forums are now being used to find English speakers in particular, in order to put together teams capable of handling both the technical and social engineering aspects of a BEC scam.
Over the course of 2021, threat actors have advertised on a popular Russian-speaking cybercriminal forum for native English speakers, who would be tasked with managing email communication that would not raise red flags with members of a high-level organization, as well as with managing the negotiation aspect of a BEC operation.
Secondary language use, spelling mistakes, and grammatical issues could all be indicators that something isn’t right, just as spam often contains issues that alert recipients to attempted fraud.
“Actors like those we saw are looking for native English speakers because the North American and European markets are the main targets of these types of scams,” the researchers say.
Furthermore, threat actors are attempting to recruit launderers to clean up the proceeds of BEC schemes, which is frequently accomplished through cryptocurrency mixer and tumbler platforms. The team came across an ad for a service that could wash up to $250,000.
“Because many of the operational elements of BEC use targeted social engineering tactics and fraudulent domains, which do not typically require technical services, the BEC footprint on underground forums is not as large as other types of cybercrime.”
A report from Intel 471 notes that “BEC’s footprint on underground forums isn’t as large as other types of cybercrime, likely because many of its operational elements use targeted social engineering tactics and fraudulent domains, which don’t typically require technical services or products that the underground offers.” So long as the underground remains a hotbed of skills that can make criminals money, criminals will use it for all kinds of schemes.