Dec 06 2018

What you need to know about London Blue

What should you know about London Blue? London Blue is a group of malicious actors that uses what is known as ‘business email compromise’, and they are exceptionally skilled in this tactic. In this attack, the group sends emails, largely to company CFOs, masquerading as a company insider, sometimes even the CEO. In the email, the bad actor requests that the company executive transfer funds to an outside account for some business reason. While you would think that such a request should raise some red flags, this type of attack has been carried out by various entities for a number of years, costing companies millions, if not billions, of dollars.

London Blue appears to be a well-financed and well-organized group, operating what effectively seems like a legitimate business. They have an extensive list of targets, rumored to be 50,000 names long. Much of the data they use in their attacks is sourced from commercial data providers. With so many names on their list, there’s a decent chance your firm may have an executive or two on the list.

How can you thwart London Blue? Their organization and skills aside, the attack vector itself should be straightforward enough to address and prevent. Much of the prevention effort, pretty much all of it really, depends on training. In instances like this, it’s wise to consider periodic phishing simulations and other exercises. It helps to train staff to be cautious about what they read in emails, and how they respond to them. Whether your organization is being targeted by London Blue, or by any other group of bad actors, the attack vectors often remain the same. In all cases, continually educating and testing your end users is invaluable because, at the end of the day, your employees remain a vulnerable link.
