Security News > 2022 > November > New Crimson Kingsnake gang impersonates law firms in BEC attacks
A business email compromise group named 'Crimson Kingsnake' has emerged, impersonating well-known international law firms to trick recipients into approving overdue invoice payments.
This approach creates a solid basis for the BEC attack, as recipients may be intimidated when receiving emails from large law firms like the ones impersonated in the scams.
"When a Crimson Kingsnake actor is questioned about the purpose of an invoice payment, we've observed instances where the attacker sends a new email with a display name mimicking a company executive."
BEC attacks are only a tiny part of all the daily phishing emails circulating in global inboxes, but even in these low volumes, it's still a multi-billion problem.
Abnormal Security's H1 2022 Email Threat Report also reports a rise in BEC attacks by 84% in H2 '21, measuring an average of 0.82 emails per 1,000 inboxes.
According to the same report, organizations with over 50,000 employees have a 95% chance of receiving a BEC email weekly.