Unsolicited Blank Emails Could Portend BEC Attacks

Security researchers have warned organizations that unsolicited blank emails could be a warning sign they are being actively targeted by BEC scammers.

Agari has been tracking professional BEC gangs such as London Blue, Scarlet Widow and Curious Orca for over a year.

Crane Hassold, senior director at the Agari Cyber Intelligence Division (ACID), explained in a new blog post that “lead validation and processing” is a crucial part of the attack chain in which gang members take raw leads and validate, add info to and organize them.

While some use commercial lead generation services to identify and validate targets, others might manually send “probing” emails to check the legitimacy of raw target data. These messages are typically blank, might carry the subject “i”, and are designed only to see whether they are delivered successfully.

They’re usually sent in non-work hours when they’re more likely to be missed, Hassold said.
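
The traits described above (an external sender, a blank body, a subject such as “i”, delivery outside work hours) can be checked against inbound mail. The Python below is an added example, not code from Agari or the article; the domain `example.com`, the working hours, and both sample messages are constructed assumptions.

```python
from datetime import timezone
from email import message_from_string, policy
from email.utils import parseaddr, parsedate_to_datetime

# Assumptions for this example (not from the article):
INTERNAL_DOMAIN = "example.com"  # the recipient organization's domain
WORK_HOURS = range(8, 18)        # 08:00-17:59, evaluated in UTC
WORK_DAYS = range(0, 5)          # Monday through Friday

def probe_signals(raw):
    """Return which probing-email traits a raw RFC 5322 message shows."""
    msg = message_from_string(raw, policy=policy.default)
    signals = []
    sender = parseaddr(msg.get("From", ""))[1]
    if sender.rpartition("@")[2].lower() != INTERNAL_DOMAIN:
        signals.append("external_sender")
    # Blank means no text in the main body part and no attachments.
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body is not None else ""
    if not text.strip() and not list(msg.iter_attachments()):
        signals.append("blank_body")
    # The article's example subject is the single character "i".
    if len((msg.get("Subject") or "").strip()) <= 1:
        signals.append("minimal_subject")
    if msg["Date"]:
        sent = parsedate_to_datetime(msg["Date"]).astimezone(timezone.utc)
        if sent.weekday() not in WORK_DAYS or sent.hour not in WORK_HOURS:
            signals.append("off_hours")
    return signals

def is_probe_candidate(raw):
    """Flag only when all four traits coincide, to limit false positives."""
    return len(probe_signals(raw)) == 4

# Constructed sample messages (not real traffic).
PROBE = ("From: sender@mail.example.net\nTo: cfo@example.com\n"
         "Subject: i\nDate: Sat, 06 Apr 2019 02:14:00 +0000\n\n")
NORMAL = ("From: vendor@partner.example.org\nTo: cfo@example.com\n"
          "Subject: Invoice question\n"
          "Date: Tue, 02 Apr 2019 10:30:00 +0000\n\n"
          "Hello, could you confirm receipt of invoice 42?\n")

if __name__ == "__main__":
    for name, raw in (("PROBE", PROBE), ("NORMAL", NORMAL)):
        print(name, probe_signals(raw), is_probe_candidate(raw))
```

A hit is a prompt to review which addresses were probed, since the article describes validated targets being recorded for a later BEC attempt.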

“If no bounce notification is received, the target’s email address is assumed to be valid and operational. In the case of Curious Orca, once this contact information has been validated, their name, email address, and title are added to one of the hundreds of consolidated text files containing verified targets,” he continued.

“In many cases, this file includes supplemental information about the CEO at the target company who will be impersonated in the BEC attack.”

Sometimes, even if the address is invalid, the scammer may try other variations, possibly using legitimate marketing tools to suggest new combinations ..
