Nigeria has been a hub for scammers since long before the Internet came into wide use, and it remains one of the world’s primary centers for active gangs, including many that are focused on BEC. But with London Blue, a Nigerian gang has extended its base of operation into Western Europe, specifically into the United Kingdom, where at least two of the primary London Blue members operate.

Using responsible active defense technique, the Agari Cyber Intelligence Division (ACID) discovered the London Blue organization and uncovered how they are operating. With extensive research, ACID now understands:

  • How London Blue operates like a modern corporation.
  • How attackers deliver semi-customized attacks on companies of all sizes.
  • Why financial executives are especially susceptible to attacks in their name.

Download your copy of the London Blue Report to learn the tactics behind business email compromise.


This report demonstrates that cybercriminal groups continue to evolve and are using formal business strategies and structure to more effectively carry out their scams. London Blue’s use of legitimate commercial sales prospecting tools shows the out-of-box thinking these groups employ to identify new targets. The pure scale of the group’s target repository is evidence that BEC attacks are a threat to all businesses, regardless of size or location.

ACID | Agari Cyber Intelligence Division

The Agari Cyber Intelligence Division (ACID) is the only counterintelligence research team dedicated to worldwide BEC and spearphishing investigation. ACID supports Agari’s unique mission of protecting communications so that humanity prevails over evil. ACID uncovers identity deception tactics, criminal group dynamics, and relevant trends in advanced email attacks. Created by Agari in 2018, ACID helps to impact the cyber threat ecosystem and mitigate cybercrime activity by working with law enforcement and other trusted partners.

Close button
Mail Letter

Would you like the confidence to trust your inbox?