In November 2020, Group-IB and INTERPOL revealed details about Operation Falcon, which targeted members of a Nigerian cybercrime ring engaged in business email compromise (BEC) and phishing. The prolific gang, dubbed TMT, has compromised at least 500,000 companies in more than 150 countries since at least 2017.
Phishing is TMT’s main attack vector. It also remains the most popular tool among both nation-state hackers and scammers, and nearly every attack involves phishing: websites, accounts, or mailouts with malicious archives or links. Over nearly 20 years, Group-IB has accumulated a lot of practical knowledge about identifying cybercriminals involved in phishing. Try the following steps to guide your next investigation.