New York, October 9, 2018 – A private, sequestered email group that you probably have never heard of – but that has helped prevent millions of dollars in fraud and assisted in taking down thousands of Nigerian scheme email accounts – was honored today with the 2018 JD Falk Award from the Messaging, Malware and Mobile Anti-Abuse Working Group. The BEC List founder and administrator, Ronnie Tokazowski, and the private email group of more than 530 members received the annual award, which recognizes an innovative project that protects online users, at the M3AAWG 44th General Meeting in Brooklyn.
The Business Email Compromise List deals with a broad assortment of criminal activity and deceptive emails, often described as “Nigerian” schemes, that use phishing and fake social media activities to attract victims. By sharing information and expertise, they have blocked spoofed emails and malware; tracked real estate, romance, IRS, W2 and lottery schemes; and identified the money “mules” used to transfer illicit funds. BEC fraud accounts for more than $12 billion in losses globally and threatens users in 150 countries, according to the FBI’s IC3 (Internet Crime Complaint Center).
The private list is managed by Tokazowski, senior malware analyst at Flashpoint, and includes cybersecurity professionals from Fortune 500 companies, leading threat research organizations, anti-virus firms, and internet infrastructure companies, many of them competitors. Law enforcement participants include the U.S. Federal Bureau of Investigation, the U.S. Internal Revenue Service Online Fraud Detection and Prevention group, the U.S. Secret Service, and other entities. While many members chose to remain anonymous, a partial list of participating organizations is available at www.m3aawg.org/FalkAwardOrgs2018 . A video describing what the group has learned about compromised email and the list’s accomplishments is at https://youtu.be/Ues_oRsTBNc.
The award also recognizes the impact a single individual can have on fighting abuse. The private group was Tokazowski’s idea and he has served as the list administrator since its inception three years ago. Since then, dozens of organizations have cooperated on the list to protect end-users and fight fraud.
“From the start, Ronnie has diligently managed the BEC List as a trusted environment, always emphasizing the need for confidentiality and respect for members’ opinions. As a result, it has become an important anti-abuse channel where actionable information is shared throughout the day between hundreds of people. This cooperative sharing has greatly benefited end-users, even though they are not aware of its existence, as the list’s behind-the-scenes involvement has contributed to over a hundred fraud-related arrests,” said Severin Walker, M3AAWG Chairman of the Board.
In 2015, Tokazowski initially reached out to a few cybersecurity researchers and law enforcement agents to discuss the compromised emails he was seeing in his work and the list was created that December with about a hundred participants. They originally focused on conventional BEC phishing emails that impersonate a targeted CEO requesting that the company’s financial staff wire funds to a fraudulent account. But as the group studied the problem, they realized it was much more extensive and often involved malware and various online and social media ruses.
Nigerian Rappers Praise Scams
Tokazowski said, “It takes a diverse set of perspectives and expertise to address business compromise email and it’s not something researchers, law enforcement, and especially the targeted users can tackle on their own. I like to describe it as, ‘it’s not my problem, it’s not your problem, it’s a problem for everyone in the industry.’ We have to come together to fix it and understand how it works.”
This effort includes learning how the perpetuators think, according to Tokazowski. “We’re also looking to identify the criminals’ motivation and how this affects the schemes. There is a different culture in many of the countries where these crimes originate, and the deception is often justified in these regions because it’s one of the few ways to earn money. You have popular rappers in Nigeria praising the scammers efforts and their methods to ‘wire wire’ stolen money from a BEC target, but without ever acknowledging the victim’s pain,” he said.
The M3AAWG JD Falk Award is presented annually to recognize a project that helps protect the internet and embodies a spirit of volunteerism and community building. The 2018 award was presented during the M3AAWG 44th General Meeting that opened October 8 in Brooklyn, New York. Over 500 security experts, ISPs, researchers, public policy representatives and vendors are participating in the four-day meeting that features more than 50 cybersecurity and information sharing sessions. M3AAWG holds three meetings each year, including one in Europe, to develop best practices and other work that will protect online users. The next M3AAWG meeting will be February 18-21, 2019 in San Francisco.
About the Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG)
The Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG) is where the industry comes together to work against bots, malware, spam, viruses, denial-of-service attacks and other online exploitation. M3AAWG (www.m3aawg.org) members represent more than one billion mailboxes from some of the largest network operators worldwide. It leverages the depth and experience of its global membership to tackle abuse on existing networks and new emerging services through technology, collaboration and public policy. It also works to educate global policy makers on the technical and operational issues related to online abuse and messaging. Headquartered in San Francisco, Calif., M3AAWG is driven by market needs and supported by major network operators and messaging providers.
# # #
Media Contact: pr@m3aawg.org
M3AAWG Board of Directors and Sponsors: Adobe Systems Inc.; AT&T; Comcast; Endurance International Group; Facebook; Google, Inc.; LinkedIn; Mailchimp; Marketo, Inc.; Microsoft Corp.; Oath (Yahoo/AOL); Orange; Proofpoint; Rackspace; Return Path, Inc.; SendGrid, Inc.; Vade Secure; and VeriSign, Inc.
M3AAWG Full Members: 1&1 Internet SE; Agora, Inc.; Akamai Technologies; Campaign Monitor; Cisco Systems, Inc.; CloudFlare, Inc.; Cyren; dotmailer; eDataSource Inc; ExactTarget, Inc.; IBM, iContact; Internet Initiative Japan (IIJ); Liberty Global; Listrak; Litmus; McAfee; Mimecast; Oracle Marketing Cloud; OVH; PayPal; Spamhaus; SparkPost; Splio; Symantec; USAA; and Valimail.
A complete member list is available at http://www.m3aawg.org/about/roster.