A newly discovered scammer group from Nigeria has been observed while conducting manual target validation using blank emails to verify target information before launching their business email compromise (BEC) attacks. BEC (also known as Email Account Compromise – EAC) fraud schemes are scams through which fraudsters trick one or more employees of a targeted organization into wiring money after posing as entities they trust like the company’s CEO or trusted business partners. As part of the attack chain, the crooks have to first generate a list of employees they can target and validate the collected information.
Source: https://www.bleepingcomputer.com/news/security/curious-orca-bec-scammers-use-email-probes-to-validate-targets/