Illustration: Aïda Amer/Axios

Email scammers are just like any other small business: They need leads, and commercial lead-generation services — the same kind many salespeople use — are providing them.

The big picture: Email scams targeting businesses, usually referred to as business email compromise scams, can seem unsophisticated. They typically take the form of fake invoices or emails from executives asking for money transfers. But like any other kind of enterprise, they care a lot about finding new clients — or, in their case, victims.

Background: In the past, we've covered how criminal groups operate like corporations, from their help wanted ads to their customer support hotlines. This is just the latest example.

  • Email fraudsters became known as "Nigerian scammers" in the early days of the web, when people around the world started to receive messages from bogus Nigerian princes seeking cash assistance. But the name is apt — the major groups actually do operate out of West Africa, and particularly Nigeria.

Details: "Of the West African groups we've profiled, nearly all of them use lead-generation sites," said Crane Hassold, senior director of threat research at Agari, a firm that tracks how email scam groups operate.

  • The criminal groups Agari has observed all used different lead-generation firms.
  • The sites offer users customizable searches for targets. For example, you could look up chief financial officers for tech companies of a certain size and revenue in California.
  • The groups Agari has tracked would sign up for free trials under a series of email accounts using the "Gmail dot" trick, though one group, nicknamed London Blue, outright purchased a $1,500 yearly subscription to a service last year. London Blue went on to download 50,000 leads in 6 months.
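A screening check for the "Gmail dot" trick, as an added example that is not from the article, Agari, or any lead-generation firm: Gmail delivers dotted and `+suffix` variants of an address (and the `googlemail.com` alias) to the same mailbox, so a service can canonicalize sign-up addresses and count free trials per mailbox. The function names, trial IDs and addresses below are constructed for illustration.

```python
from collections import defaultdict

# Domains that deliver to the same Gmail mailbox.
GMAIL_DOMAINS = {"gmail.com", "googlemail.com"}

def canonical_email(address: str) -> str:
    """Return a canonical form so Gmail dot/plus variants compare equal."""
    local, sep, domain = address.strip().lower().rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an email address: {address!r}")
    if domain in GMAIL_DOMAINS:
        # Gmail ignores dots in the local part and anything after '+'.
        local = local.split("+", 1)[0].replace(".", "")
        domain = "gmail.com"
    # Other providers may treat dots as significant, so leave them alone.
    return f"{local}@{domain}"

def repeated_trials(signups, max_per_mailbox=1):
    """Map canonical mailbox -> trial IDs for mailboxes over the trial limit."""
    by_mailbox = defaultdict(list)
    for trial_id, email in signups:
        try:
            by_mailbox[canonical_email(email)].append(trial_id)
        except ValueError:
            continue  # malformed addresses are rejected by form validation
    return {box: ids for box, ids in by_mailbox.items()
            if len(ids) > max_per_mailbox}

# Constructed sample sign-ups (hypothetical trial IDs and addresses).
SAMPLE_SIGNUPS = [
    ("t-1001", "example.user@gmail.com"),
    ("t-1002", "exampleuser@gmail.com"),
    ("t-1003", "e.x.ample.user@googlemail.com"),
    ("t-1004", "ExampleUser+trial2@gmail.com"),
    ("t-1005", "example.user@example.com"),
    ("t-1006", "exampleuser@example.com"),
]

if __name__ == "__main__":
    for mailbox, ids in repeated_trials(SAMPLE_SIGNUPS).items():
        print(f"{mailbox}: {len(ids)} free trials -> {', '.join(ids)}")
```
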

The groups could craft and refine a single spear-phishing email that would work against a wide variety of similar executives just by substituting different company names and small details.

  • It's more efficient than the older method of target acquisition — scraping lists of names from websites — but it still takes time to work. It took 18 days after a scammer downloaded the name of an Agari executive, said Hassold, before a phishing email arrived.
  • Targeting Agari isn't a particularly bright move, all things considered, but once the scammers get a name from a lead-generation service, they don't do further research. If they cast a wide enough net to find someone who takes the bait, they don't need to.

What they're saying: Axios reached out to six lead-generation firms that criminal groups used in the past, as identified by a security source that asked to remain anonymous to protect its information-gathering operation. None of the firms responded.

  • A quick look around the industry shows these services don't use upfront screening policies that would thwart scammers. And even a firm that did have screening policies in place appeared unaware of the scammer problem and was screening mostly to prevent spam.

The bottom line: Business email compromises reported to the FBI cost firms more than $1.2 billion in the United States alone in 2018, double the proceeds of 2017.

Go deeper: A look inside a Nigerian email scam group active since 2008
