Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

    Security Awareness Training Blog

    New Sophisticated “Exaggerated Lion” BEC Check Scam Uses Mules to Cash Out

    Stu Sjouwerman | Mar 3, 2020

    Scam Alert written on the road-2You may wonder exactly how BEC scammers see a payday. New insight from security vendor Agari documents how a secondary check scam dupes unsuspecting victims to help.

    From April to October of 2019, the African-based cybercriminal group known as “Exaggerated Lion” ran a set of business email compromise (BEC) attacks tricking mostly Accounts Payable employees at over 2,100 companies into fraudulently sending money to alternate bank accounts.

    What makes this set of attacks so interesting is the bank accounts aren’t controlled by Exaggerated Lion. Instead, this same group has been grooming a network of trusted mules – people who are duped into helping with moving money without question – since 2017. The monies resulting from BEC attacks are placed into a mule’s bank account and the mule then cashes the cybercriminal group out. The mules are individuals that have fallen for romance scams (so they believe they are helping their long-distance love) or a fast money business scam (where the individual is paid a fee for processing the check and passing along the majority of the funds back to what they believe is a legitimate business).

    This attack is a perfect example of the extent to which cybercriminals will go to achieve their goal of stealing money. But, in both the case of the BEC scam and the mule scam, social engineering is used. And in the case of the BEC scam, spearphishing is the attack vector.

    It important to remember, the mules only exist because the 2,100 companies fell for a BEC scam. Organizations utilizing Security Awareness Training are less susceptible to these kinds of scams, as their employees are aware of them in the first place, and are taught how to spot a scam a mile away.

    While Agari has taken steps with the authorities to identify and close out mule-owned bank accounts, Exaggerated Lion continues their BEC efforts.

    Topics: Security Awareness Training CEO Fraud

    Get Your CEO Fraud Prevention Manual

    CEO-Fraud-Prevention-Manual-WP-FannedCEO fraud has ruined the careers of many executives and loyal employees, causing over $26 billion in losses. Don’t be the next victim. This manual provides a thorough overview of how executives are compromised, how to prevent such an attack and what to do if you become a victim.

    Get Your Manual

    Secure the Digital Workforce: Human + AI

    KnowBe4 empowers the human and AI workforce to make safer security decisions every day. Trusted by over 70,000 organizations worldwide, we help strengthen security culture and manage risk. Our comprehensive AI-driven platform includes awareness and compliance training, cloud email security, real-time coaching, crowdsourced anti-phishing, AI Defense Agents, agent security and more. As the only global security platform of its kind, KnowBe4 provides personalized content, tools, and techniques to keep the modern workforce safe from phishing, vishing, deepfakes, and emerging threats.

    Stu Sjouwerman

    ABOUT STU SJOUWERMAN

    Stu Sjouwerman (pronounced “shower-man”) is the Founder and Executive Chairman of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

    Read more from Stu »

    Subscribe to Our Blog

    We Train Humans and AI Agents. Socially engineered or prompt engineered? It's all human risk. Learn more

    Posts By Topic

    View All

    Get the latest insights, trends and security news. Subscribe to CyberheistNews.