The bulk of email fraud gangs still operate out of Nigeria, according to new research.
A new report, Behind the ‘From' Lines: Email Fraud on a Global Scale, published by Agari and unveiled at the FS-ISAC 2018 Annual Summit said that nine of the 10 captured organised crime groups operate out of Nigeria. These gangs use a multitude of attack methods, and business email compromise (BEC) is far more lucrative than any other attack.
The firm's researchers analysed a variety of email-based attacks, including romance scams and rental scams, but even though BEC did not emerge as a trend until 2016, BEC attacks account for 24 percent of all attacks analysed. BEC attacks produce more victims and result in higher dollar losses than any other criminal email attack, with 0.37 victims per 100 probes. BEC attacks are also ten times more likely to produce a victim if the target answers an initial probe email, such as “Are you at your desk to make a payment?”
Agari pointed to the FBI IC3 “2017 Internet Crime Report” published this month, that indicated that BEC losses increased to US$ 675 million (£504 million) during 2017, more than 300 percent compared to US$ 215 million (£160 million) in 2014.
Research reveals that criminal email accounts request payment ranging from US$ 1,500 (£1,120) to more than US$ 200,000 (£149,223), with an average request of US$ 35,500 (£26,483).
Researchers analysed 59,652 unique messages accessed from 78 criminal email accounts. Among its other findings were that romance scams accounted for 11 percent of all attacks, with 0.13 victims per 100 probes, even though it has a much higher initial response rate of 72 percent. Romance scams are also ten times more likely to produce a victim if the target answers an initial probe, with 1.54 victims per 100 answered probes.
Agari also identified a sophisticated actor that has compromised email accounts belonging to real estate brokers by sending them malware-infected documents. This criminal uses these compromised email accounts to conduct ATO-based escrow scams that can potentially bankrupt his targets. Agari has reason to believe this individual, who appears to be operating out of Kenya, may actually be in the United States.
Patrick Peterson, founder and executive chairman of Agari said that while much of the high-profile attention paid to email security has focused on nation state actors, the reality is that American businesses are far more likely to be attacked by BEC scammers operating from Africa.
“The sad irony is that these foreign adversaries are using our own legitimate infrastructure against us in attacks that are far more damaging and much harder to detect than any intrusion or malware,” he said.
“Business email compromise has become a pervasive threat - it is the most popular, the most effective, and the most damaging of all of the attacks we research,” added Peterson. “These organised crime groups will not stop these attacks.”
Earlier this month, in a separate report, Palo Alto Networks observed Nigerian actors using 15 separate commodity malware tools in support of modern business email compromise (BEC) schemes. In the past year alone, they have conducted an average of 17,600 attacks per month, demonstrating a 45 percent increase from 2016. These attacks span all major industry verticals and target businesses rather than individuals, according to this report.