{"id":49178,"date":"2022-11-04T18:30:08","date_gmt":"2022-11-04T18:30:08","guid":{"rendered":"https:\/\/www.threatshub.org\/blog\/double-check-demand-payment-emails-from-law-firms-convincing-fakes-surface\/"},"modified":"2022-11-04T18:30:08","modified_gmt":"2022-11-04T18:30:08","slug":"double-check-demand-payment-emails-from-law-firms-convincing-fakes-surface","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/double-check-demand-payment-emails-from-law-firms-convincing-fakes-surface\/","title":{"rendered":"Double-check demand payment emails from law firms: Convincing fakes surface"},"content":{"rendered":"

A new threat group called Crimson Kingsnake is impersonating real law companies and debt recovery services to intimidate businessess into paying bogus overdue invoices.<\/p>\n

The cybercrime gang’s business email compromise (BEC) campaign is targeting marks in the US, Europe, Australia, and the Middle East using blind third-party impersonation tactics, via email addresses hosted on domains that closely resemble the firms’ real domains, and sending emails that include the actual address and VAT number of the impersonated companies.<\/p>\n

All of this is to reinforce the legitimacy of the messages, according to researchers with cloud email security company Abnormal Security. The emails look real and if the targets were to search Google for the lawyers’ or law firms’ names, they would seem legitimate.<\/p>\n

\n

If a targeted employee questions the invoice, the threat group at times will send another bogus email supposedly from an executive at the employee’s company clarifying the legitimacy of the invoice<\/p>\n<\/blockquote>\n

The Abnormal Security researchers say in a report<\/a> that since March, they have detected 92 domains linked to Crimson Kingsnake that are impersonating the domains of 19 legal eagles and debt collection agencies in the US, UK, and Australia. Many of the firms are “major, multinational practices with a global footprint,” they write.<\/p>\n

The Crimson Kingsnake campaign is part of the growing threat from BEC attacks. In a report<\/a> about email threats in the first half of the year, Abnormal Security found that BEC attacks increased 84 percent year-over-year. The security company added that BEC remains a low-volume problem \u2013 less than one per 1,000 mailboxes \u2013 compared with other kinds of scams, but they also resulted in almost $2.4 billion in losses in 2021.<\/p>\n