Cybergang Favors G Suite and Physical Checks For BEC Attacks

2020-02-20 16:17

The cybercrime ring is unique in its leveraging of Google's cloud-based productivity suite, G Suite, and for its use of physical checks for collecting fraudulent payments - as opposed to wire transfers.

"For Exaggerated Lion, their use of physical checks as a cashout mechanism sets them apart from other BEC groups and their evolution to creating fake documents that are commonly used in authentic business transactions to add legitimacy to their scams."

Most notably, attackers were asking for a physical check, which they would then use to cash out money pilfered through the BEC attacks.

"Exaggerated Lion likely prefers to use physical checks rather than wire transfers because, while it might take longer to complete the transactions, they will likely be more lucrative in the long run," Crane Hassold, senior director for threat research at Agari, told Threatpost.

"These are legitimate checks getting deposited into legitimate bank accounts. And once the checks are successfully deposited, they money is funneled to the Exaggerated Lion scammers very quickly, making the funds harder to recover. Plus, Exaggerated Lion has built a large network of check mules in the US based on their long history running check fraud schemes."

News URL

https://threatpost.com/cybergang-favors-g-suite-and-physical-checks-for-bec-attacks/153074/

#attack #gsuite