New BEC group set for a major campaign.
N2K logoNov 30, 2022

Lilac Wolverine is using business email compromise to snuffle after gift cards.

New BEC group set for a major campaign.

Abnormal Security describes a business email compromise (BEC) gang dubbed “Lilac Wolverine” that’s launching widespread campaigns asking for gift cards.

Lilac Wolverine exploits personal connections.

The threat actor begins by compromising a personal email account and copying its contact list. The attackers then set up an email account with the same address as the compromised account, but on a different provider (usually Gmail, Hotmail, or Outlook). They’ll then use this account to send emails to the compromised account’s contacts:

“The initial emails seem innocuous, asking for a favor, looking to catch up, or asking if the recipient shops on Amazon, according to the most frequently used subject lines. There’s no request for money or gift cards—yet.

“Once recipients respond to the initial spoofed emails, Lilac Wolverine steers the conversation around to the goal: asking their targets to purchase gift cards for a friend’s birthday. These requests come with a plausible reason why the sender can’t buy the gift cards themselves, such as issues with their credit card or trouble making online purchases while traveling.

“Lilac Wolverine typically requests easily available cards that recipients are likely familiar with, including Amazon, Apple, and Google Play, at amounts ranging from $100 to $500 per request. They often include the ‘friend’s’ email address where the recipient can send the card.”

If the recipient is reluctant to send the money, the attackers will explain that “the fictional birthday friend also has cancer or just lost loved ones to COVID-19—or both.”

The popularity of gift card scams.

The researchers note that gift card requests are the most popular form of payment in BEC attacks, despite offering a lower payout per attack:

“The use of gift cards as a payment method in BEC attacks started increasing rapidly during the second half of 2017 and quickly became the most common form of payment requested in BEC attacks. The popularity of gift cards as a cash-out method for BEC attacks seems illogical–our data shows the average amount requested in gift card attacks this year is slightly less than $1,500, compared to nearly $80,000 for an internal impersonation payment fraud BEC attack–however, the main reason these attacks have become so popular is that the potential target population is exponentially larger.”