English speakers targeted by scammers in attempt to increase success of attacks

Criminals performing Business Email Compromise (BEC) attacks are increasingly recruiting fluent English speakers as they try to make their attempts more successful. 

BEC typically involves email fraud where the victim receives an email appearing to come from the CEO, or other high-level executive, of the company they work for, and asks for a transfer of money or the sending of confidential information. 

Recruitment of English speakers 

The reason for the drive to acquire fluent English speakers is simple: the more believable the fraud attempt is, in the assailants’ view, the more likely it is to succeed.  

BEC is not a brute force attack, such as DDoS or malware, but falls into the category of social engineering. If the attempt is more likely to fool its target, the chances of it succeeding increase.  

According to Intel 471, who have conducted research into how BEC scammers are increasingly using the cybercrime underground to outsource crucial components of their work, native English speakers are being sought out “since North American and European markets are the primary targets of such scams.”  

Spelling mistakes and grammatical issues, commonplace in many spam attempts, are often giveaways to recipients that emails are likely illegitimate. 

“The use of proper English is very important to these actors, as they want to ensure the messages they send to their victims — mainly high-level employees of an organization — do not raise any red flags,” the researchers added. 

Utilising the cybercrime underground 

Various cybercrime forums are used to recruit the specific skill sets required by threat actors. Intel 471 found different examples of ‘help wanted ads’ relating to English language speakers in 2021.  

One example is of an actor searching for a team of native English speakers on a popular Russian-language forum to take care of the social engineering elements of BEC attacks after access to custom Microsoft Office 365 domains had been obtained. The actor would take care of the technical aspects of the scams in this felonious relationship.  

Business Email Compromise cost U.S. companies $1.8 billion in losses in 2020 – 43 percent of all cybercrime losses for the year.  

However, BEC actually has a very limited presence within the cybercrime underground, likely due its social engineering nature not requiring many of the technical services or products offered. Personal skills are of greater importance. 

For example, another skill sought after on these forums is a money laundering service. Actors are looking to make the money stolen from BEC ‘untraceable and usable’. The researchers observed an ad posted on one forum looking to launder sums up to $250,000 through a cryptocurrency tumbler.  

Conclusion 

In attempt to increase the success rates of their scams, BEC threat actors are resorting to a recruitment drive of fluent English speakers. BEC campaigns may not be as visible on underground forums, but they are one of the biggest threats to a company.  

Intel 471 recommends that an organisation’s email users receive proper training against such risks as well as the implementation of a Domain-based Message Authentication, Reporting and Conformance (DMARC) protocol to differentiate between legitimate and illegitimate emails.