Individuals for whom the English language is a native tongue are now being heavily recruited by cybercriminals as they look to increase the success of business email compromise (BEC) attacks.

While easy to execute, BEC schemes are widely acknowledged to be among some of the most devastating strikes aimed at enterprises, ranked alongside attacks like those using ransomware.

How BEC scams work

A BEC attack will usually begin with a well-crafted phishing email, customised and tailored to suit a specific target. Social engineering and spoofing are often additionally used to support theses scams, making a message seem to come from a sender within the chosen victim’s company like an executive level employee, CEO, or accounts department team member. The use of a staff member’s superiors is designed to fool them into sending a requested payment to a financial account in the hands of a cybercriminal.

Often, such payments will masquerade as an alleged invoice that requires an urgent payment and can involve millions. Statistics from last year show that in 2020, companies based across the Atlantic in the USA lost approximately $1.8bn to BEC attacks.

While hardly any technical knowledge is necessary to execute a successful BEC scam, threat actors behind such attacks must be able to effectively communicate. If they are unable to speak fluently in a target’s language, the chance of an attacker’s BEC scam succeeding will decrease dramatically.

However, this lack of expertise can be compensated for by recruiting a native English speaker.

Forums used to hire English speakers

Cybercrime researchers have now uncovered that BEC scam artists are using forums online to enlist the services of English speakers. Specifically, this is to unite teams of individuals who are capable to take care of both the social engineering and technical areas of a BEC attack.

During 2021, activity was observed involving threat actors posting ‘help wanted’ ads on a Russian-speaking hacker forum seeking out native English speakers. The candidates would later be tasked with the management of email communication to avoid raising red flags among members of a major organisation while managing negotiations for BEC operations.

The research team commented on its findings:

“Actors like those we witnessed are searching for native English speakers since North American and European markets are the primary targets of such scams. The BEC footprint on underground forums is not as large as other types of cybercrime, likely since many of the operational elements of BEC use targeted social engineering tactics and fraudulent domains, which do not typically require technical services or products that the underground offers. Criminals will use the underground for all types of schemes, as long as those forums remain a hotbed of skills that can make criminals money.”

Additionally, the researchers also identified the threat actors attempting to hire launderers with the ability to clean up any proceeds after BEC schemes, a process typically achieved through options like cryptocurrency mixers. One of adverts uncovered by the analysts was attempting to hire a service that could launder amounts of around $250,000.