Business Email Compromise attacks (BEC) is a form of cyber-crime which uses email fraud to attack commercial, government and non-profit organizations to achieve a specific outcome which negatively impacts the targets organization.

Researchers have found out that BEC has its reconnaissance phase too. Researchers at Agari say they’ve found that blank, unsolicited emails are often an early sign that a “BEC gang” is targeting an organization. It serves as a probe to help validate that an email address is likely to be valid, and to be associated with a target the gang in interested in.

The BEC gang wants a reasonable assurance that its attack will arrive in a live email box. If the blank email, often with only the single letter “i” as its subject, does not bounce, then the criminals proceed with more confidence that they have found a live target. When they speak of gangs, the researchers mean organized groups of BEC scammers, many of them based in Nigeria and known by such names as “London Blue,” “Scarlet Widow,” and “Curious Orca.”

“Since August 2018, a single Curious Orca associate has sent blank reconnaissance emails to more than 7,800 email addresses at over 3,200 companies in at least twelve countries,” Agaris’s blog post said. “The validated contact information collected by this actor has contributed to a master targeting database containing more than 35,000 financial controllers and accountants at 28,000 companies around the world.”

One protective step Agari recommends is to configure inbound email filters to screen for messages without content. These could then be flagged to a security team for further investigation, and for a timely warning to the targeted individual.

That said, the blank email is also the sort of probe that employees should be aware of. Maybe it was a mistake. Maybe someone just transmitted prematurely. But it would not be out of order for people who receive a blank email to raise their guard.

Read the original article here: