Cybersecurity researchers have seen scammers posing as big law firm powerhouses to try to trick people into making payments for fake work.
Abnormal Security experts have discovered a brand new Business Email Compromise (BEC) attack, carried out by a threat actor named Crimson Kingsnake.
In the attack, the threat actors would send an email posing as one of a number of major US law firms, demanding payment for work allegedly done months ago.
Talking to oneself
The targets are most likely chosen at random, in what researchers describe as “blind BEC attacks” — in other words, the attackers would cast a wide net and see what sticks.
The email itself was created quite carefully, using big names like Kirkland & Ellis, Sullivan & Cromwell, and Deloitte. The sender address is obviously typosquatted (it is almost identical to the authentic address of the impersonated law firm, but not quite), but the body contains all the correct logos and letterheads. It’s also punctual, which we don’t usually see with BEC and phishing attacks.
It gets even more interesting when the victim challenges the attacker. If they questioned the work, the payment or anything else, the attackers would add a third persona, a fake manager of the target company, who would then “confirm” the authenticity of the request and authorize the payment.
“When the group encounters resistance from a target employee, Crimson Kingsnake occasionally adapts their tactics to impersonate a second person—an executive at the target company,” the report said.
“When a Crimson Kingsnake actor is questioned about the purpose of a bill payment, we’ve seen instances where the attacker sends a new email with a display name that resembles a corporate executive. In this email, the actor clarifies the purpose of the bill, often referring to something that supposedly happened several months earlier, and “authorizes” the employee to proceed with the payment.”
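The two sender tricks described above (a near-miss of a known firm's domain, and an executive's display name on an outside address) can be screened for on the From header. The following is an added example, not code from the report or from Abnormal Security; the domains, executive names and the edit-distance threshold of 2 are constructed assumptions.

```python
from email.utils import parseaddr

# Constructed sample data: placeholder domains and names, not taken from the report.
TRUSTED_VENDOR_DOMAINS = ["examplelaw.test", "bigfirm.test"]  # firms you really deal with
INTERNAL_DOMAIN = "corp.test"                                 # your own mail domain
EXECUTIVES = {"dana whitfield", "lee ortega"}                 # names worth impersonating


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def check_sender(from_header: str) -> list[str]:
    """Return the reasons a From header matches the impersonation pattern."""
    display, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    reasons = []
    # Typosquat check: close to a trusted domain without being that domain.
    if domain not in TRUSTED_VENDOR_DOMAINS:
        for trusted in TRUSTED_VENDOR_DOMAINS:
            if 0 < edit_distance(domain, trusted) <= 2:
                reasons.append(f"lookalike of {trusted}")
    # Display-name check: an executive's name on a non-internal address.
    name = " ".join(display.lower().split())
    if name in EXECUTIVES and domain != INTERNAL_DOMAIN:
        reasons.append("executive display name from external domain")
    return reasons


if __name__ == "__main__":
    for header in ('"Example Law LLP" <billing@exarnplelaw.test>',
                   "Dana Whitfield <dana.w@mailbox.test>",
                   "Accounts <billing@examplelaw.test>"):
        print(header, "->", check_sender(header) or "no findings")
```

A flagged message is a reason to verify the invoice through a contact channel already on file, not by replying to the thread.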
Despite everyone’s best efforts, phishing emails and corporate email attacks are still one of the most popular ways for cybercriminals to carry out their raids. Employees on the receiving end of these emails are often reckless, overworked or distracted, and do things they wouldn’t normally do, such as making wire transfers, downloading attachments, or logging into services via links in the email.
Via: BleepingComputer