Fraudsters authenticate data before BEC attacks
The Curious Orca grouping manually authenticates email addresses by sending blank emails.
A recently discovered cybercriminal group from Nigeria called Curious Orca manually checks the email addresses of its victims before carrying out a BEC attack.
BEC attacks (Business Email Compromise) are a fraudulent scheme in which attackers ask a company employee to transfer money to a bank account they control by sending a request in an email allegedly on behalf of the director of the company or a trusted partner.
At the first stage of the attack, Curious Orca compiles a list of employees that can be attacked and verifies the authenticity of the data collected. According to Agari Cyber Intelligence Division (ACID) experts, attackers scrupulously search and verify the data of the employees they intend to attack, and they also look in open sources for information about the person for whom they intend to impersonate (for example, information about the head of the company).
Most fraudsters specializing in BEC attacks use special services for lead generation, providing them with most, if not all, of the information necessary to carry out the attack.
“When fraudsters find corporate employees who meet the necessary criteria through a search, the service will provide a spreadsheet with the necessary information and even indicate whether their company has previously verified email addresses,” the researchers quoted Bleeping Computer.
However, many scammers do not disdain to verify the received data manually for greater reliability. So, Curious Orca begins by compiling a list of employees and their likely email addresses. To verify the authenticity of email addresses, scammers send empty letters with the subject “i” and see if they have been delivered.
Lead generation is a marketing tactic aimed at finding potential customers with specific contact information.