A newly found group named Lilac Wolverine has been associated with BEC gift card scams that resulted in the compromise of personal email accounts. The group is highly centralized in Nigeria, a place that is historically popular among BEC actors. As reported by Abnormal Security, Lilac Wolverine’s overall attack tactics are like Vendor Email Compromise (VEC) attacks, except that instead of targeting businesses, the group goes after personal email accounts. Targeted email accounts are hosted on AOL, Yahoo, BellSouth, Verizon, and Rogers webmail services. Rather than sending messages directly from the compromised accounts, the group spoofs the contact details from the compromised accounts as a part of its infection chain process. The unsolicited emails appear to ask for a favor by asking the target to purchase gift cards for a friend’s birthday from Amazon. Sometimes, these messages also include sensitive topics, such as the birthday of a fictional friend who has cancer or a lost loved one to COVID-19, to manipulate the recipients into sharing the gift cards. Lilac Wolverine typically requests easily available cards that recipients are likely familiar with, including Amazon, Apple, and Google Play, at amounts ranging from $100 to $500 per request.
Watch the Video
How does Binary Defense help protect your organization? With best in breed cybersecurity tactics, techniques, and services, we make sure that your environment is secure against the most advanced attacks.