Sign up for our daily briefing

Make your busy days simpler with Axios AM/PM. Catch up on what's new and why it matters in just 5 minutes.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Stay on top of the latest market trends

Subscribe to Axios Markets for the latest market trends and economic insights. Sign up for free.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Sports news worthy of your time

Binge on the stats and stories that drive the sports world with Axios Sports. Sign up for free.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Tech news worthy of your time

Get our smart take on technology from the Valley and D.C. with Axios Login. Sign up for free.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Get the inside stories

Get an insider's guide to the new White House with Axios Sneak Peek. Sign up for free.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Catch up on coronavirus stories and special reports, curated by Mike Allen everyday

Catch up on coronavirus stories and special reports, curated by Mike Allen everyday

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Want a daily digest of the top Denver news?

Get a daily digest of the most important stories affecting your hometown with Axios Denver

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Want a daily digest of the top Des Moines news?

Get a daily digest of the most important stories affecting your hometown with Axios Des Moines

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Want a daily digest of the top Twin Cities news?

Get a daily digest of the most important stories affecting your hometown with Axios Twin Cities

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Want a daily digest of the top Tampa Bay news?

Get a daily digest of the most important stories affecting your hometown with Axios Tampa Bay

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Want a daily digest of the top Charlotte news?

Get a daily digest of the most important stories affecting your hometown with Axios Charlotte

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Illustration: Aïda Amer/Axios

Email scammers are just like any other small business: They need leads, and commercial lead-generation services — the same kind many salespeople use — are providing them.

The big picture: Email scams targeting businesses, usually referred to as business email compromise scams, can seem unsophisticated. They typically take the form of fake invoices or emails from executives asking for money transfers. But like any other kind of enterprise, they care a lot about finding new clients — or, in their case, victims.

Background: In the past, we've covered how criminal groups operate like corporations, from their help wanted ads to their customer support hotlines. This is just the latest example.

  • Email fraudsters became known as "Nigerian scammers" in the early days of the web, when people around the world started to receive messages from bogus Nigerian princes seeking cash assistance. But the name is apt — the major groups actually do operate out of West Africa, and particularly Nigeria.

Details: "Of the West African groups we've profiled, nearly all of them use lead-generation sites," said Crane Hassold, senior director of threat research at Agari, a firm that tracks how email scam groups operate.

  • The criminal groups Agari has observed all used different lead-generation firms.
  • The sites offer users customizable searches for targets. For example, you could look up chief financial officers for tech companies of a certain size and revenue in California.
  • The groups Agari has tracked would sign up for free trials under a series of email accounts using the "Gmail dot" trick, though one group, nicknamed London Blue, outright purchased a $1,500 yearly subscription to a service last year. London Blue went on to download 50,000 leads in 6 months.

The groups could craft and refine a single spear-phishing email that would work against a wide variety of similar executives just by substituting different company names and small details.

  • It's more efficient than the older method of target acquisition — scraping lists of names from websites — but it still takes time to work. It took 18 days after a scammer downloaded the name of an Agari executive, said Hassold, before a phishing email arrived.
  • Targeting Agari isn't a particularly bright move, all things considered, but once the scammers get a name from a lead-generation service, they don't do further research. If they cast a wide enough net to find someone who takes the bait, they don't need to.

What they're saying: Axios reached out to six lead-generation firms that criminal groups used in the past, as identified by a security source that asked to remain anonymous to protect its information-gathering operation. None of the firms responded.

  • A quick look around the industry shows these services don't use upfront screening policies that would thwart scammers. And even a firm that did have screening policies in place appeared unaware of the scammer problem and was screening mostly to prevent spam.

The bottom line: Business email compromises reported to the FBI cost firms more than $1.2 billion in the United States alone in 2018, double the proceeds of 2017.

Go deeper: A look inside a Nigerian email scam group active since 2008

Go deeper

Mike Allen, author of AM
6 mins ago - Politics & Policy

Biden adviser Cedric Richmond sees first-term progress on reparations

Illustration: "Axios on HBO"

White House senior adviser Cedric Richmond told "Axios on HBO" that it's "doable" for President Biden to make first-term progress on breaking down barriers for people of color, while Congress studies reparations for slavery.

Why it matters: Biden said on the campaign trail that he supports creation of a commission to study and develop proposals for reparations — direct payments for African-Americans.

Cyber CEO: Next war will hit regular Americans online

Any future real-world conflict between the United States and an adversary like China or Russia will have direct impacts on regular Americans because of the risk of cyber attack, Kevin Mandia, CEO of cybersecurity company FireEye, tells "Axios on HBO."

What they're saying: "The next conflict where the gloves come off in cyber, the American citizen will be dragged into it, whether they want to be or not. Period."

Cedric Richmond: We won't wait on GOP for "insufficient" stimulus

Top Biden adviser Cedric Richmond told "Axios on HBO" the White House believes it has bipartisan support for a stimulus bill outside the Beltway.

  • "If our choice is to wait and go bipartisan with an insufficient package, we are not going to do that."

The big picture: The bill will likely undergo an overhaul in the Senate after House Democrats narrowly passed a stimulus bill this weekend, reports Axios' Kadia Goba.