These devious cybercriminals impersonate law firms to steal your data

News
By published

Crimson Kingsnake is up to some blind BEC attacks

A laptop showing lots of email notifications
(Image credit: Shutterstock)

Cybersecurity researchers have spotted crooks impersonating major law firm powerhouses to try and trick people into making payments for bogus work. 

Experts from Abnormal Security uncovered a brand new Business Email Compromise (BEC) attack, conducted by a threat actor dubbed Crimson Kingsnake.

In the attack, the threat actors would send out an email, pretending to be one of a number of large American law firms, requesting payment for work that was allegedly done months ago. 

Talking to themselves

The targets are most likely chosen at random, in what researchers describe as “blind BEC attacks” - so in other words, the attackers would cast a wide net and see what sticks.

The email itself is quite meticulously crafted, using big names such as Kirkland & Ellis, Sullivan & Cromwell, and Deloitte. Obviously, it’s typosquatted (the email address is almost identical to the authentic email belonging to the impersonated law firm, but not quite identical), but the body holds all the right logos and letterheads. It’s also punctual, which is not a feature we usually see in BEC and phishing attacks.

It gets even more interesting when the victim challenges the attacker. Should they question the work, the payment, or anything else of the sorts, the attackers would add in a third persona, a fake executive from the target firm, who would then “confirm” the authenticity of the request, and “approve” the payment.

"When the group meets resistance from a targeted employee, Crimson Kingsnake occasionally adapts their tactics to impersonate a second persona: an executive at the targeted company," the report reads. 

Read more

> The many moving parts of business email compromise

> Your boss isn't really emailing you - it's a scam

> Here are the best firewalls around

“When a Crimson Kingsnake actor is questioned about the purpose of an invoice payment, we've observed instances where the attacker sends a new email with a display name mimicking a company executive. In this email, the actor clarifies the purpose of the invoice, often referencing something that supposedly happened several months before, and “authorizes” the employee to proceed with the payment."

Despite everyone’s best efforts, phishing emails and business email compromise attacks are still one of the most popular ways for cybercriminals to conduct their raids. Employees on the receiving end of these emails are often reckless, overworked, or distracted, doing things they wouldn’t normally do, including making wire transfers, downloading attachments, signing into services through links provided in the email, etc. 

Via: BleepingComputer

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
Phishing
Corporate executives are being increasingly targeted by AI phishing scams
Shopping scams
New wave of sextortion scams uses personal details and images to intimidate targets while bypassing traditional security measures
Image depicting hands typing on a keyboard, with phishing hooks holding files, passwords and credit cards.
Microsoft warns about a new phishing campaign impersonating Booking.com
linkedin
Watch out - that LinkedIn email could be a fake, laden with malware
A fish hook is lying across a computer keyboard, representing a phishing attack on a computer system
Microsoft 365 accounts are under attack from new malware spoofing popular work apps
Red padlock open on electric circuits network dark red background
Aviation firms hit by devious new polyglot malware
Latest in Security
ransomware avast
Ransomware attacks are costing Government offices a month of downtime on average
Lock on Laptop Screen
Data breach at Pennsylvania education union potentially exposes 500,000 victims
Data leak
Top collectibles site leaks personal data of nearly a million users
Spyware
Stalkerware data breach potentially hits over 2 million users, including thousands of Apple devices
An American flag flying outside the US Capitol building against a blue sky
Five Eyes "cannot replace US intel in Ukraine", claims former US Cyber Command Chief
Pirate skull cyber attack digital technology flag cyber on on computer CPU in background. Darknet and cybercrime banner cyberattack and espionage concept illustration.
Criminals are using a virtual hard disk image file to host and distribute dangerous malware
Latest in News
The Samsung Galaxy S25 Edge on display the January 22, 2025 Galaxy Unpacked event.
A fresh Samsung Galaxy S25 Edge benchmark leak has eased my worries about its performance
Google Pixel 9 in green Wintergreen color showing AI features on screen
Older Pixels just got a big performance boost, while the Pixel 9a is lacking a key feature
Wonka poster
Netflix cooks up sweet new reality TV series based on Charlie and the Chocolate Factory, and it's a dream come true for me
Citroen 2CV
The retro EV resurgence is in full swing, as Citroen confirms the iconic 2CV will return with batteries
Hugging Snap
This AI app claims it can see what I'm looking at – which it mostly can
Apple iPhone 16 Pro Max REVIEW
The latest batch of leaked iPhone 17 dummy units appear to show where glass meets metal on the new designs
More about security
ransomware avast

Ransomware attacks are costing Government offices a month of downtime on average
Data leak

Top collectibles site leaks personal data of nearly a million users
The Samsung Galaxy S25 Edge on display the January 22, 2025 Galaxy Unpacked event.

A fresh Samsung Galaxy S25 Edge benchmark leak has eased my worries about its performance
See more latest
Most Popular
The Samsung Galaxy S25 Edge on display the January 22, 2025 Galaxy Unpacked event.
A fresh Samsung Galaxy S25 Edge benchmark leak has eased my worries about its performance
Google Pixel 9 in green Wintergreen color showing AI features on screen
Older Pixels just got a big performance boost, while the Pixel 9a is lacking a key feature
Wonka poster
Netflix cooks up sweet new reality TV series based on Charlie and the Chocolate Factory, and it's a dream come true for me
Google NotebookLM on a MacBook.
Google’s NotebookLM adds Mind Maps to its string of research tools to help you learn faster than ever
Mark S and Helly R standing by their desks bathed in blue light in Severance's season 2 finale
Severance season 2 episode 10 ending explained: what does Mark do, who dies, will there be a season 3, and more big questions answered
YouTube Premium
Would you pay for better sound on YouTube? The video-sharing platform could soon let you control audio quality, but it'll cost you
Hugging Snap
This AI app claims it can see what I'm looking at – which it mostly can
Citroen 2CV
The retro EV resurgence is in full swing, as Citroen confirms the iconic 2CV will return with batteries
I Hate This Place artwork
Bloober Team is keeping busy as it announces its next survival horror game I Hate This Place and offers a new look at its upcoming title Cronos: The New Dawn
Equal1 Bell-1 quantum computer
This is the first quantum computer you can actually buy (and use, and power): Equal1's Bell-1 uses a standard power socket