This photo taken on January 11, 2018 shows a Marriott logo in Hangzhou in China's Zhejiang province.
Authorities in China have shut down Marriott's local website for a week after the US hotel giant mistakenly listed Chinese-claimed regions such as Tibet and Hong Kong as separate countries. / AFP PHOTO / - / China OUT        (Photo credit should read -/AFP/Getty Images)
AFP/Getty Images
This photo taken on January 11, 2018 shows a Marriott logo in Hangzhou in China's Zhejiang province. Authorities in China have shut down Marriott's local website for a week after the US hotel giant mistakenly listed Chinese-claimed regions such as Tibet and Hong Kong as separate countries. / AFP PHOTO / - / China OUT (Photo credit should read -/AFP/Getty Images)
Now playing
01:33
Marriott's guest reservation system hacked
AirTag
Apple
AirTag
Now playing
01:17
See AirTag, Apple's new device for tracking your lost stuff
Google Earth's new timelapse feature
Google
Google Earth's new timelapse feature
Now playing
01:09
Google Earth's new Timelapse feature shows 40 years of climate change in just seconds
Now playing
01:32
Scientists turned spiderwebs into music and it sounds like a nightmare
Elon Musk's Neuralink says this monkey is playing Pong with its mind
From Neuralink/Youtube
Elon Musk's Neuralink says this monkey is playing Pong with its mind
Now playing
01:41
Elon Musk's company says this monkey is playing Pong with his mind
CNN
Now playing
02:36
The truth behind Covid-19 vaccines for sale on the dark web
Now playing
05:41
NFTs have completely transformed these digital artists' lives
Boston Dynamics
Now playing
00:48
Boston Dynamics' newest robot has tentacle-like grippers
Energy and Commerce Committee/YouTube
Now playing
02:50
US lawmakers question tech CEOs on misinformation
Now playing
00:55
This robot's 'self-portrait' NFT just sold for nearly $700,000
Now playing
03:19
Slack CEO: We made an 'unforced error' in DM roll out
WASHINGTON, DC - FEBRUARY 10:  Chairman Sen. Bernie Sanders, (I-VT) speaks as Neera Tanden, President Joe Bidens nominee for Director of the Office of Management and Budget (OMB), appears before a Senate Committee on the Budget hearing on Capitol Hill on February 10, 2021 in Washington, DC. Tanden helped found the Center for American Progress, a policy research and advocacy organization and has held senior advisory positions in Democratic politics since the Clinton administration. (Photo by Andrew Harnik-Pool/Getty Images)
Pool/Getty Images
WASHINGTON, DC - FEBRUARY 10: Chairman Sen. Bernie Sanders, (I-VT) speaks as Neera Tanden, President Joe Bidens nominee for Director of the Office of Management and Budget (OMB), appears before a Senate Committee on the Budget hearing on Capitol Hill on February 10, 2021 in Washington, DC. Tanden helped found the Center for American Progress, a policy research and advocacy organization and has held senior advisory positions in Democratic politics since the Clinton administration. (Photo by Andrew Harnik-Pool/Getty Images)
Now playing
03:04
Sanders: 'I don't feel comfortable' about Trump's Twitter ban
LONDON, ENGLAND - JANUARY 16: Prince Harry, Duke of Sussex, the Patron of the Rugby Football League hosts the Rugby League World Cup 2021 draws for the men's, women's and wheelchair tournaments at Buckingham Palace on January 16, 2020 in London, England. The Rugby League World Cup 2021 will take place from October 23rd through to November 27th, 2021 in 17 cities across England. (Photo by Chris Jackson/Getty Images)
Chris Jackson/Getty Images
LONDON, ENGLAND - JANUARY 16: Prince Harry, Duke of Sussex, the Patron of the Rugby Football League hosts the Rugby League World Cup 2021 draws for the men's, women's and wheelchair tournaments at Buckingham Palace on January 16, 2020 in London, England. The Rugby League World Cup 2021 will take place from October 23rd through to November 27th, 2021 in 17 cities across England. (Photo by Chris Jackson/Getty Images)
Now playing
03:19
BetterUp CEO explains Prince Harry's role at the tech startup
An NFT digital home called Mars House by Krista Kim Studio Inc. has sold for $500,000
From Krista Kim Studio Inc./SuperRare
An NFT digital home called Mars House by Krista Kim Studio Inc. has sold for $500,000
Now playing
01:11
This digital home might cost more than your actual home
Rally Studios
Now playing
02:13
One-shot drone video of bowling alley mesmerizes internet
MyHeritage
Now playing
01:01
Watch old photos come to life using AI
(CNN Business) —  

A group of hackers based in Nigeria is trying to trick thousands of top executives across the globe into sending them company funds.

The ambitious scheme that mainly targets chief financial officers via email is described in a new report by cybersecurity firm Agari, which investigated the group after coming under attack itself.

“Targets included companies in a very broad range of sectors, from small businesses to the largest multinational corporations,” the report warns. More than half of them are in the United States.

The attackers are carrying out an increasingly common scam known as “business email compromise” in which they attempt to pose as a company insider, such as the CEO, requesting a money transfer to an outside account.

The FBI estimates that businesses around the world lost more than $12 billion through this kind of email scam between October 2013 and May 2018.

Agari said that the Nigerian group, which it calls “London Blue,” has developed a highly sophisticated operation to dupe money out of finance executives.

“London Blue operates like a modern corporation,” the report says. The group has people working on business intelligence, sales, email marketing, financial operations and human resources, according to Agari.

It carries out attacks in multiple languages and has at least 17 collaborators in the United States, United Kingdom and other Western European countries who are mainly involved in moving stolen money, Agari added.

50,000 finance execs on the target list

The email security firm said that during its investigation, it got hold of a list of the group’s potential targets this year that contained more than 50,000 finance executives, of which 71% were CFOs.

Agari declined to reveal how it secured the data, other than saying it had actively engaged with the scammers. It said it had shared the info with US and UK law enforcement.

“Several of the world’s biggest banks each had dozens of executives listed,” it said. “The group also singled out mortgage companies for special attention, which would enable scams that steal real estate purchases or lease payments.”

As well as the United States, companies in more than 80 other countries were on the list, including Spain, the United Kingdom, Finland, the Netherlands and Mexico.

Agari said it became aware of London Blue after the group tried to trick the security firm’s own CFO in August. Agari said it “then engaged actively with the attacker, giving us an initial glimpse of the gang that we would widen into a penetrating X-ray.”

London Blue relies on commercial data providers, most recently one based in San Francisco, to build up its list of targets and gather information about them, according to the report. That includes executives’ names, company titles, work email addresses and personal email addresses.

The list of more than 300 potential targets on which Agari’s CFO appeared was obtained by London Blue from a commercial data provider in November 2017.

The list also contained information about “CFO victims at one of the world’s top private universities, a major enterprise data storage company, a famed guitar maker, casinos and hotels, a retirement home, and small and medium-sized businesses of all types,” the report says.

Agari estimated that the scam has caused damage worth hundreds of thousands of dollars.