Criminals are recruiting native English speakers to infiltrate email accounts and make scams known as Business Email Compromise (BEC) more effective.
A BEC scam usually starts with a phishing email that’s customized to the victim’s profile. Scammers can also use social engineering and email address spoofing to ultimately trick the recipient into transferring money to the fraudster’s account. In some cases, these payments can reach millions of dollars. In 2020, US companies alone lost roughly $1.8 billion to these types of cybercrime.
Often little technical expertise is required to carry out a successful BEC attack, the key to success is often effective communication. If the scammers are not fluent in the language their target speaks, their BEC attack is more likely to fail.
There are a variety of ways to solve this problem that’s usually caused by a lack of native language speakers. Scammers can simply hire them.
Increasingly, forums are being used by BEC scammers to find English speakers who can manage both the technical and social engineering aspects of a scam, according to a report from Intel 471.
In 2021, threat actors started to hire native English speakers to manage email communication and negotiate BEC operations. Intel 401 reports seeing such ads on popular Russian-speaking cybercriminal forums.
Scammers attempt to convince a target employee that their communication comes from a trusted source, therefore spelling mistakes, grammar errors, and awkward language could all raise red flags and point to a potential scam.
“Actors like those we witnessed are searching for native English speakers since North American and European markets are the primary targets of such scams,” the researchers said in the report. “Criminals will use the underground for all types of schemes, as long as those forums remain a hotbed of skills that can make criminals money.”