Scripted Sparrow Soars: Global Email Scam Flocks to Millions of Inboxes
Security researchers have discovered the Scripted Sparrow group, a global business email compromise gang, sending millions of targeted messages each month. These fraudsters pose as executive coaching firms and use spoofed emails to trick victims into transferring money. With operations spanning multiple countries, they’re a comedic reminder to always double-check before hitting “send.”
Hot Take:
Looks like “Scripted Sparrow” has taken flight, proving that birds of a feather scam together! This BEC gang is ruffling feathers globally with emails that are more targeted than Cupid’s arrows on Valentine’s Day. When fraudsters start moonlighting as executive coaches, it’s clear that the corporate world needs more than just a pep talk to stay secure. Watch out for those invoices, folks—they’re not just bills, they’re the new-age Trojan horses!
Key Points:
- Scripted Sparrow gang sends 4-6 million customized emails monthly, posing as executive coaching firms.
- The collective spans three continents and at least five countries, with 119 domains and 245 webmail addresses.
- They use spoofed reply chains and sometimes omit attachments to lure victims into asking for resends.
- The group utilizes location spoofing, browser plugins, and remote desktop protocol for obfuscation.
- Fortra’s analysis suggests the group is a loose collective of fraudsters, working off the same playbook.