Education

Scarlet Widow BEC Scams Hit Education Institutions

26 February - 5 March 2019

A Nigerian-based group called Scarlet Widow has recently switched from phishing large corporations to attacking education institutions and non-profit organisations.
Cyber_News_Educations
A Nigerian-based group called Scarlet Widow has recently switched from phishing large corporations to attacking education institutions and non-profit organisations. The attack starts by compromising an email account either through phishing, brute forcing accounts secured with weak password or credential stuffing attacks using data from publicised third-party leaks. After obtaining email access, the group tricks employees into buying Apple iTunes or Google Play gift cards and sending the activation pins over via email. The gift cards are then sold in legitimate online exchanges for cash received via bank transfers. Scarlet Widow has targeted schools in US, UK, Australia and New Zealand with more than 1,600 attacks since September 2018. 

References:
[1] Scarlet Widow: BEC Bitcoin Laundry: Scam, Rinse, Repeat (PDF)
 
 
 
 
 
 
 

More Weekly Cyber Newsanalysis and insights

Ensign Consulting

Enhancing your security posture, developing your cyber strategy, and designing your incident response plans.​

Ensign Systems Integration

Architecting and implementing cybersecurity solutions that bolster defences

Ensign Managed Security Services

Managing your security operations for advanced threat detection, continuous monitoring, and triage services

Ensign Labs

Performing deep research to analyse vulnerabilities, deploy advanced threat hunting and provide cyber threat intelligence