Business Email Compromise (BEC) Criminal Ring
A criminal group called Cosmic Lynx seems to be based in Russia:
Dubbed Cosmic Lynx, the group has carried out more than 200 BEC campaigns since July 2019, according to researchers from the email security firm Agari, particularly targeting senior executives at large organizations and corporations in 46 countries. Cosmic Lynx specializes in topical, tailored scams related to mergers and acquisitions; the group typically requests hundreds of thousands or even millions of dollars as part of its hustles.
[…]
For example, rather than use free accounts, Cosmic Lynx will register strategic domain names for each BEC campaign to create more convincing email accounts. And the group knows how to shield these domains so they’re harder to trace to the true owner. Cosmic Lynx also has a strong understanding of the email authentication protocol DMARC and does reconnaissance to assess its targets’ specific system DMARC policies to most effectively circumvent them.
Cosmic Lynx also drafts unusually clean and credible-looking messages to deceive targets. The group will find a company that is about to complete an acquisition and contact one of its top executives posing as the CEO of the organization being bought. This phony CEO will then involve “external legal counsel” to facilitate the necessary payments. This is where Cosmic Lynx adds a second persona to give the process an air of legitimacy, typically impersonating a real lawyer from a well-regarded law firm in the United Kingdom. The fake lawyer will email the same executive that the “CEO” wrote to, often in a new email thread, and share logistics about completing the transaction. Unlike most BEC campaigns, in which the messages often have grammatical mistakes or awkward wording, Cosmic Lynx messages are almost always clean.
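The excerpt says the group checks each target's DMARC policy before deciding how to impersonate it. As an added example (not from the article or from Agari's research), this Python code grades a published DMARC record from the defender's side; the records, the `.example` domains and the grading labels are constructed for illustration.

```python
# Added example: audit a published DMARC record for exact-domain spoofing protection.
# Every record and domain below is a constructed sample, not real DNS data.

def parse_dmarc(txt):
    """Return the record's tags as a dict, or None if it is not a DMARC record."""
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    tags = {}
    for part in parts:
        key, sep, value = part.partition("=")
        if sep:
            tags.setdefault(key.strip().lower(), value.strip())
    first = parts[0].partition("=") if parts else ("", "", "")
    if first[0].strip().lower() != "v" or first[2].strip() != "DMARC1":
        return None  # RFC 7489: v=DMARC1 must be the first tag
    return tags

def grade(txt, subdomain=False):
    """Return (level, reason); the level names are this example's own labels."""
    if not txt:
        return ("unprotected", "no DMARC record published")
    tags = parse_dmarc(txt)
    if tags is None:
        return ("unprotected", "record is not valid DMARC")
    policy = tags.get("p", "").lower()
    if subdomain:
        policy = tags.get("sp", policy).lower()  # sp falls back to p
    if policy not in ("none", "quarantine", "reject"):
        return ("unprotected", "missing or invalid policy tag")
    if policy == "none":
        return ("monitor-only", "no DMARC action on failing mail")
    try:
        pct = int(tags.get("pct", "100"))
    except ValueError:
        pct = 100  # assumption: fall back to the default on a malformed pct
    if pct < 100:
        return ("partial", f"{policy} applied to only {pct}% of failing mail")
    return ("enforced", f"failing mail gets {policy}")

SAMPLES = {  # constructed records for placeholder domains
    "corp.example": "v=DMARC1; p=reject; rua=mailto:dmarc@corp.example",
    "mail.example": "v=DMARC1; p=none; rua=mailto:dmarc@mail.example",
    "shop.example": "v=DMARC1; p=quarantine; pct=25",
    "hq.example": "v=DMARC1; p=reject; sp=none",
    "old.example": "",
}

if __name__ == "__main__":
    for domain, record in SAMPLES.items():
        print(domain, grade(record), grade(record, subdomain=True))
```

DMARC only covers mail that claims to come from the exact domain, so an "enforced" grade says nothing about the separately registered domains the excerpt describes.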
Clive Robinson • July 10, 2020 8:02 AM
@ ALL,
“Unlike most BEC campaigns, in which the messages often have grammatical mistakes or awkward wording, Cosmic Lynx messages are almost always clean.”
That’s where you find that,
If it looks like a duck, waddles like a duck, and quacks like a duck, it’s a duck
Reasoning lets you down and only later do you find out that not only was it a goose, but you got goosed…
This is not the first time this sort of thing has happened with technology. I think the first technology one was with Fax machines, but we know back in Queen Elizabeth 1st of England’s reign that falsifying letters and seals was a speciality of her spymaster. So it’s likely that letters of marque etc had been forged at some point.
Funny how old tricks just need that bit of polish to a fine finish to become new again…
But the lesson to learn is always double check your instincts, especially when it could save you not just money but your job and reputation…