A report released by cybersecurity firm Agari has come to a conclusion that we have experienced all year—that a hacking group in Nigeria, dubbed “London Blue,” is targeting CFOs and Controllers in small businesses to multinational corporations to trick them into sending funds through wire transfers.

We have seen too many of them, and the pattern is disturbing. Forensic experts are hired to determine the cause of the fraud, and the fraud is invariably as a result of a successful phishing email that mimics a company insider or a known and trusted vendor, and requests the payment of an invoice or a wire for business purposes.

According to the report, more than half of the victims of this Nigerian hacking group are in the United States. According to the FBI, the fraud losses experienced by businesses around the world total more than $12 billion.

The sophistication of the scheme is impressive. That’s because, according to Agari, London Blue has employed individuals who are working on the fraud scheme just as we work for legitimate purposes. They employ people to work on sales, email marketing, business intelligence, financial resources and human resources. London Blue is able to carry out attacks in 17 languages and has at least 17 collaborators in the US, UK, and the EU.

While investigating London Blue, Agari obtained a list of London Blue’s potential targets which included more than 50,000 finance executives, 71% of whom were CFOs of their company. Mortgage companies were a specific target, with a goal to steal real estate purchases or lease payments.

According to Agari, London Blue has engaged a commercial data provider to assist in obtaining information about those on its list of targets, including executives’ names, titles, personal email addresses and company email addresses.

If you are a CFO, Controller or executive, or involved in a mortgage company, beware of this threat and consider implementing new processes in the company for wire transfers and real estate purchases and leases.