BEC Scam Impersonating Top Law Firms

Threat Watch

Threat Watch BEC Scam Impersonating Top Law Firms

The Crimson Kingsnake threat actor has been using typo-squatted domains to send out emails impersonating top law firms. The group uses the domains to create fake email addresses and carries out Business Email Compromise (BEC) attacks by sending emails to recipients across the world. The emails include a fake invoice directing payments to a threat actor-controlled bank account. The invoices include the letterhead and logos of the impersonated firms, and the domains appear to be legitimate at first glance. According to researchers at Abnormal Security, the impersonated firms include:

Allen & Overy
Clifford Chance
Deloitte
Dentons
Eversheds Sutherland
Herbert Smith Freehills
Hogan Lovells
Kirkland & Ellis
Lindsay Hart
Manix Law Firm
Monlex International
Morrison Foerster
Simmons & Simmons
Sullivan & Cromwell

There are no specific industries or countries that these attacks are targeting. If the recipient is reluctant for any reason, the group will go a step further and either provide a fake description for a service or insert a reply from an executive that is approving the transaction.

BEC attacks account for a very small percentage of phishing emails that are targeting companies worldwide yet is still a multibillion-dollar issue. Organizations should adapt policies to prevent BEC scams from being executed, including a verification process for all business transactions or money transfers. Because it is so easy for a threat actor to set up a typo-squatted domain, this verification should take place in person or over the phone. Companies can work to prevent being impersonated in attacks like these by employing a service such as the Binary Defense Counterintelligence team, who looks for and identifies newly registered domains that appear similar to the legitimate ones.

https://www.bleepingcomputer.com/news/security/new-crimson-kingsnake-gang-impersonates-law-firms-in-bec-attacks/

Threat Watch