Scripted Sparrow: Automated Phishing and Advanced BEC Threat

Automated Phishing Scam: The Scripted Sparrow Threat
The cybercrime group known as "Scripted Sparrow" is conducting advanced phishing campaigns specifically targeting finance teams and business owners.
Scripted Sparrow and the BEC Structure
Identified by cybersecurity researchers, this group is a large-scale Business Email Compromise (BEC) operation active across three continents. Attackers typically establish contact with corporate accounts by masquerading as:
- High-level consultancy firms
- Leadership training companies
Attack Tactics and Methods
The group employs highly sophisticated methods to gain victim trust and bypass corporate firewalls:
- Spoofed Chains: To establish trust, they construct fake email chains that create the impression of a prior communication history between the parties.
- Strategic Invoice Amounts: They often attach fake invoices and W-9 forms. By keeping invoice amounts under $50,000, they aim to avoid triggering high-level executive approval processes (staying under the radar).
- Filter Evasion (New Tactic): To avoid security filters, file attachments are intentionally left out in the initial messages.
- Target Verification: By inducing the target to reply to the email, they verify whether the person on the other end is active and a "suitable target."
Automation and Scale
Scripted Sparrow's operational capacity indicates that the attacks are run through high-capacity automated systems rather than by manual effort.
Crucial Data: It is estimated that attack messages are generated via full automation and that millions of messages are distributed monthly.
Expert Recommendations and Countermeasures
Researchers note that the group is continuously expanding its operations with numerous domains, webmail accounts, and automation infrastructure.
What Should Be Done? As the volume and complexity of BEC attacks increase, the critical measures businesses must take are:
- Payment Approval Processes: Approval mechanisms should be tightened, especially for invoices under certain limits.
- Awareness: Employees need to be trained to recognize fake email chains and the missing-attachment tactic.
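
The spoofed-chain and missing-attachment tactics described above can also be checked for at mail triage. The following is an added example, not code from the researchers or from any product: the function name, regexes, allow-list of known senders and sample message are all assumptions constructed for illustration.

```python
import email
import re
from email import policy
from email.utils import parseaddr

# Assumed wording for payment documents; tune to your own mail flow.
PAYMENT_TERMS = re.compile(r"\b(invoice|w-?9|remittance|payment)\b", re.I)
# Markers that a body embeds an earlier message.
QUOTED_CHAIN = re.compile(
    r"^(>+ ?|-{2,} ?Original Message ?-{2,}|From: .+|On .+ wrote:)", re.M | re.I)
REPLY_SUBJECT = re.compile(r"^\s*(re|fw|fwd):", re.I)


def triage(raw, known_senders):
    """Return the reasons a message matches the fake-chain pattern."""
    msg = email.message_from_string(raw, policy=policy.default)
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content() if part else ""
    sender = parseaddr(msg.get("From", ""))[1].lower()
    reasons = []
    looks_like_reply = bool(REPLY_SUBJECT.match(msg.get("Subject", ""))
                            or QUOTED_CHAIN.search(body))
    # A genuine reply normally carries In-Reply-To or References; a pasted chain does not.
    if looks_like_reply and not (msg.get("In-Reply-To") or msg.get("References")):
        reasons.append("reply-style message without threading headers")
    if looks_like_reply and sender not in known_senders:
        reasons.append("claimed history with a first-time sender")
    if PAYMENT_TERMS.search(body) and not list(msg.iter_attachments()):
        reasons.append("payment document mentioned but nothing attached")
    return reasons


# Constructed sample message (not real traffic).
SUSPECT = """\
From: Jane Doe <jane@consulting.example>
To: ap@corp.example
Subject: RE: Leadership workshop invoice

Please process the invoice and W-9 for the workshop discussed below.

-----Original Message-----
From: ceo@corp.example
Subject: Leadership workshop invoice

Jane, send this to accounts payable.
"""

if __name__ == "__main__":
    for reason in triage(SUSPECT, known_senders={"vendor@supplier.example"}):
        print("FLAG:", reason)
```

These are heuristics for routing a message to manual review, not a verdict: some legitimate clients omit threading headers, so the reasons are best combined rather than acted on singly.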
