There is an ongoing scam email campaign targeting executives from prominent organizations around the world. These reported email addresses on the domains are genuine email accounts of 'Virgin Media', 'Optimum' & 'Cox communications' users' which are compromised and sold on underground forums. Scammers buy and use such accounts as they have a higher reputation compared to newly created free accounts to bypass email gateways and spam filters and also lower their risk of being detected or tracked back in a bigger BEC attack.
These accounts are compromised by threat actors via phishing emails and malware, and the issue with such accounts will persist as long as end users are not careful enough while dealing with phishing and malicious emails. Based on our previous experience in response with the hosts Virgin Media, Optimum and Cox.net which are TV and cable providers in the UK and USA. They do not investigate email accounts reported to their abuse team without the original email and header information as this is a mandatory requirement as per their abuse policies. However, once this information is provided they do take action by resetting/recovering the reported account of the original user.
