By William Turton
The discovery of an alleged international ring of fraudsters started with a one-line email. In April 2019, a company accountant received an email that appeared to be from the chief executive officer.
“Joanna, Can you mail out a check to to a Vendor today? Barbara,” the email said.
The email had some hallmarks of a scam that is becoming increasingly common. But it also had a few unique attributes that intrigued cybersecurity experts at the company’s email security provider, Agari Data Inc. Using a fake email account posing as the company accountant, Agari sent back a reply.
“Hi Barbara, Yes, of course. Please send me the details for the payment and I will take care of it ASAP. Joanna,” the reply said.
Over the next several months, Agari said it was able to unravel what’s known as a business email compromise operation. Agari dubbed the group sending the emails Exaggerated Lion, and said its members were based in Nigeria, Ghana and Kenya. Between April and August 2019, Exaggerated Lion targeted more than 3,000 people at nearly 2,100 companies, all of them in the U.S., according to an Agari report published Thursday.
Similar email attacks are growing problem in the U.S., according to the latest Federal Bureau of…
