These stealthy cybercriminals pose as law firms to steal your data

Cybersecurity researchers have uncovered scammers who pose as large law firms to trick people into paying for bogus work.

Abnormal Security experts have discovered a new Business Email Compromise (BEC) attack, carried out by a malicious actor named Crimson Kingsnake.

During the attack, the threat actors sent an email posing as one of the many major law firms in the US, demanding payment for work that was allegedly done months ago.

Talking to themselves

The targets are most likely chosen at random, in what the researchers describe as "blind BEC attacks"; in other words, attackers would cast a wide net and see what sticks.

The email itself is meticulously put together, using big names like Kirkland & Ellis, Sullivan & Cromwell, and Deloitte. It's obviously typosquatted (the email address is almost identical to the genuine email belonging to the spoofed law firm, but not quite identical), but the body contains all the appropriate logos and letterhead. It's also timely, which is not a feature we often see in BEC and phishing attacks.

It becomes even more interesting when the victim challenges the sender. If they question the job, the payment, or the like, the attackers add a third person, a fake executive of the targeted company, who then "confirms" the authenticity of the request and "approves" the payment.

“When the group encounters resistance from a targeted employee, Crimson Kingsnake occasionally adapts its tactics to impersonate a second character: an executive from the targeted company,” the report states.

“When a Crimson Kingsnake actor is asked about the purpose of paying a bill, we see instances where the attacker sends a new email with a display name impersonating a corporate executive. In this email, the actor clarifies the purpose of the invoice, often referring to something that supposedly happened months before, and ‘authorizes’ the employee to proceed with the payment.”

Despite everyone's best efforts, phishing emails and business email compromise attacks remain among the most popular ways for cybercriminals to carry out their attacks. Employees who receive these emails are often reckless, overworked or distracted, and end up doing things they normally wouldn't do, such as making bank transfers, downloading attachments, or logging into services via links provided in the email.
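The two traits described above, a sender domain that is nearly identical to a real firm's and a follow-up email whose display name impersonates a company executive, can both be checked automatically on inbound mail. The sketch below is an added example, not code from Abnormal Security's report; the domains, the executive name and the sample messages are constructed placeholders, and the distance threshold of 2 is an assumption.

```python
from email import message_from_string
from email.utils import parseaddr

# All values below are constructed placeholders, not real indicators.
KNOWN_VENDOR_DOMAINS = {"examplelawfirm.com"}   # domains you actually pay
OWN_DOMAIN = "victimcorp.example"               # your organisation's domain
EXECUTIVES = {"dana reyes"}                     # lower-cased executive names

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def bec_signals(raw_message: str) -> list[str]:
    """Return the impersonation signals found in one RFC 5322 message."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    signals = []
    # Signal 1: sender domain is close to, but not equal to, a known vendor domain.
    if domain not in KNOWN_VENDOR_DOMAINS:
        for good in sorted(KNOWN_VENDOR_DOMAINS):
            if edit_distance(domain, good) <= 2:
                signals.append(f"lookalike-domain:{good}")
    # Signal 2: display name matches an executive, but the address is external.
    internal = domain == OWN_DOMAIN or domain.endswith("." + OWN_DOMAIN)
    if " ".join(display.lower().split()) in EXECUTIVES and not internal:
        signals.append("external-executive-display-name")
    return signals

# Constructed sample messages; only the From header matters here.
INVOICE = "From: Accounts <billing@examplelawfrim.com>\nSubject: Overdue invoice\n\nPlease remit.\n"
FOLLOW_UP = "From: Dana Reyes <office@mailbox.example>\nSubject: Re: Overdue invoice\n\nApproved.\n"
GENUINE = "From: Accounts <billing@examplelawfirm.com>\nSubject: Invoice\n\nAttached.\n"

if __name__ == "__main__":
    for label, raw in (("invoice", INVOICE), ("follow-up", FOLLOW_UP), ("genuine", GENUINE)):
        print(label, bec_signals(raw))
```

A message that raises either signal is a candidate for holding the payment until the request is confirmed through a contact channel already on file.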

Via: BleepingComputer