Researchers have identified the hacking group behind several wide-scale business email compromise (BEC) attacks that have gouged the maritime shipping industry of millions of dollars since last year. Gold Galleon's targets include maritime shipping organizations, such as companies providing ship management services, port services and cash-to-master services. Because the shipping industry is globally dispersed and operates across different time zones, it is completely reliant on email for communication, and thus a “low hanging fruit” for BEC scams, said James Bettke, the security researcher at SecureWorks who led the research into the group. Gold Galleon appears to be a group of at least 20 cybercriminals who are likely based in Nigeria. To mitigate attacks, SecureWorks suggests that potential victims implement two-factor authentication and inspect corporate email control panels for suspicious redirect rules.
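One way to carry out the redirect-rule inspection at scale, as an added example that is not from SecureWorks or the original article: the script audits an exported list of mailbox rules and reports every rule that forwards or redirects mail outside the organization's own domains. The JSON export format, its field names and the `shipco.example` domain are constructed assumptions; adapt them to whatever your mail platform exports.

```python
import json

# Constructed sample: a hypothetical JSON export of mailbox rules.
# Field names (mailbox, name, enabled, forward_to, redirect_to) are assumptions.
SAMPLE_EXPORT = """[
 {"mailbox": "accounts@shipco.example", "name": "Invoices", "enabled": true,
  "forward_to": ["ap-team@shipco.example"]},
 {"mailbox": "accounts@shipco.example", "name": ".", "enabled": true,
  "redirect_to": ["accounts@shipc0.example"]},
 {"mailbox": "ops@shipco.example", "name": "Archive", "enabled": true,
  "forward_to": ["ops@mail.shipco.example"]},
 {"mailbox": "master@shipco.example", "name": "old", "enabled": false,
  "redirect_to": ["box@webmail.example"]}
]"""

INTERNAL_DOMAINS = {"shipco.example"}  # assumed organization domain
FORWARD_ACTIONS = ("forward_to", "redirect_to")


def is_internal(address, internal_domains):
    """True if the address is in an internal domain or one of its subdomains."""
    local, at, domain = address.strip().lower().rpartition("@")
    if not at or not local:
        return False  # malformed target: treat as external so it gets reviewed
    return any(domain == d or domain.endswith("." + d) for d in internal_domains)


def audit_rules(rules, internal_domains):
    """Return one finding per rule that sends mail outside the organization."""
    findings = []
    for rule in rules:
        targets = [addr for action in FORWARD_ACTIONS
                   for addr in rule.get(action, [])
                   if not is_internal(addr, internal_domains)]
        if targets:
            # Disabled rules are reported too: they may be leftovers worth reviewing.
            findings.append({"mailbox": rule.get("mailbox"), "rule": rule.get("name"),
                             "enabled": rule.get("enabled", True), "targets": targets})
    return findings


if __name__ == "__main__":
    for f in audit_rules(json.loads(SAMPLE_EXPORT), INTERNAL_DOMAINS):
        state = "enabled" if f["enabled"] else "disabled"
        print(f"{f['mailbox']}: rule {f['rule']!r} ({state}) -> {', '.join(f['targets'])}")
```

Exact domain matching means a lookalike such as `shipc0.example` is reported as external, while subdomains of the organization's own domain are not.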