A business email compromise (BEC) group named ‘Crimson Kingsnake’ has emerged, impersonating well-known international law firms to trick recipients into approving overdue invoice payments.
The threat actors impersonate lawyers who are sending invoices for overdue payment of services supposedly provided to the recipient firm a year ago.
This approach creates a solid basis for the BEC attack, as recipients may be intimidated when receiving emails from large law firms like the ones impersonated in the scams.
Analysts at Abnormal Security, who first discovered Crimson Kingsnake activity in March 2022, report having identified 92 domains linked to the threat actor, all similar to genuine law firm sites.
This typosquatting approach enables the BEC actors to send out emails to victims via an address that appears authentic at first glance.
The emails contain the logos and letterheads of the impersonated entities and are crafted professionally, featuring polished writing.