Double-check demand payment emails from law firms: Convincing fakes surface

A new threat group called Crimson Kingsnake is impersonating real law companies and debt recovery services to intimidate businesses into paying bogus overdue invoices. The cybercrime gang's business email compromise (BEC) campaign is targeting marks in the US, Europe, Australia, and the Middle East using blind third-party …

  1. Paul Herber Silver badge

    Crimson King

    King Crimson - it's the 21st century, it's enough to make you paranoid, not schizoid!

    1. Ken Moorhouse Silver badge

      Re: Crimson King

      Giles Giles & Fripp: A very convincing name for a firm of lawyers.

      1. Ian Moffatt 1

        Re: Crimson King

        As was Emerson, Lake and Palmer ;)

    2. sketharaman

      Re: Crimson King

      LOL.

      The emails on which the prophets wrote are cracking at the subject line, CON fusion will be the epitaph of the victims...

  2. Mayday

    Cyber awareness training

    “As with any social-engineering attack, cybersecurity awareness training for employees also is important”

    Good luck with that. The human link in the cyber chain is the guaranteed point where fuckups can and do happen.

    1. Anonymous Coward

      Re: Digital Failures

      Most security issues come down to digital failures - the digit being at the end of somebody's arm.

  3. PhilipN Silver badge

    Fake excessive lawyer invoices

    Same as the real thing then.

  4. Anonymous Coward

    Who are Double-Check?

    And why do they demand payment emails from law firms?

  5. heyrick Silver badge

    My rule is very simple

    Anybody sending an invoice for payment does so by post on headed paper.

    1. Mike 137 Silver badge

      Re: My rule is very simple

      I get quite a few invoices by email (commonly as PDF attachments) but always for services or goods I know I committed to. However:

      "The emails look real and if the targets were to search Google for the lawyers' or law firms' names, they would seem legitimate"

      If you solely rely on goooooooogle to verify the legitimacy of the source, you clearly don't understand verification. How about phoning the law firm to check whether they sent the (obviously unexpected) invoice?

      A little bit of nous goes quite a long way.

    2. Dimmer Silver badge

      Re: My rule is very simple

      The hack I am seeing is to get a customer to redirect payments to them. They get an Outlook rule on the vendor's accounting PC and redirect all emails to them.

      They then use the info to send directly to the customer an altered copy of a legit email requesting payment redirect to an ACH account. The domain appears to be the vendor's, until you look closely.

      They also have been successful accessing bank accounts this way.

      Admins, control your rules in your users' Outlook.
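
Added example, not part of the comment above or of the article: a sketch of the two checks that comment points to, auditing exported inbox rules for forwarding or redirecting to outside addresses, and flagging a sender domain that sits one or two characters away from a trusted vendor domain. The rule records, domains and the two-edit threshold are assumptions made for illustration; the field names follow the output of Exchange's `Get-InboxRule`.

```python
import re

# Constructed sample rules (field names as in Exchange's Get-InboxRule); values invented.
RULES = [
    {"Mailbox": "ap@vendor.example", "Name": "Newsletters", "Enabled": True,
     "ForwardTo": [], "RedirectTo": [], "MoveToFolder": "News", "DeleteMessage": False},
    {"Mailbox": "ap@vendor.example", "Name": ".", "Enabled": True, "ForwardTo": [],
     "RedirectTo": ['"x" [SMTP:inbox@mail-relay.example]'], "DeleteMessage": True},
    {"Mailbox": "cfo@vendor.example", "Name": "To PA", "Enabled": True,
     "ForwardTo": ['"PA" [SMTP:pa@vendor.example]'], "RedirectTo": []},
]
INTERNAL = {"vendor.example"}  # assumption: the organisation's own mail domains
ADDR = re.compile(r"SMTP:([^\]\s]+@([^\]\s]+))", re.I)

def external_targets(rule, internal=INTERNAL):
    """Addresses outside `internal` that a rule forwards or redirects mail to."""
    found = []
    for field in ("ForwardTo", "RedirectTo", "ForwardAsAttachmentTo"):
        for entry in rule.get(field) or []:
            m = ADDR.search(entry)
            if m and m.group(2).lower() not in internal:
                found.append(m.group(1).lower())
    return found

def audit(rules, internal=INTERNAL):
    """Enabled rules that send mail outside; 'high' if they also hide the original."""
    findings = []
    for r in rules:
        targets = external_targets(r, internal)
        if r.get("Enabled") and targets:
            hides = bool(r.get("DeleteMessage") or r.get("MoveToFolder"))
            findings.append((r["Mailbox"], r["Name"], targets, "high" if hides else "review"))
    return findings

def edit_distance(a, b):  # Levenshtein distance, computed one row at a time
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(sender_domain, trusted):
    """The trusted domain a sender domain nearly matches (1-2 edits), else None."""
    near = [t for t in sorted(trusted) if 0 < edit_distance(sender_domain.lower(), t) <= 2]
    return near[0] if near else None

if __name__ == "__main__":
    print(audit(RULES), lookalike_of("vend0r.example", INTERNAL))
```

A rule that redirects outside and also deletes or files away the original is ranked highest because the mailbox owner never sees the messages it acts on.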

  6. Anonymous Coward

    Rule of thumb

    If a demand for money comes via email, question everything........you'd think we'd have learned that by now what with all those Nigerian princes and lottery winnings......

  7. WolfFan

    Simple solution

    1. Look up firm allegedly sending invoices. If the firm doesn’t exist, invoice goes to File 13. If the firm exists, get an actual phone number. Compare to phone number on invoice. If can’t get actual phone number, File 13. If it’s real, they’ll attempt contact again… this time with a way to verify who they are.

    2. Call the number that _you_ dug up. Contact the relevant department. If that department doesn’t exist, inform the company that someone is attempting scams using their name. If the department exists, read off the invoice number. If it exists, ask for more information. If they decline to provide information, File 13. They are the scammers.

    Year before last I got an invoice from a law firm in Indiana. Allegedly I owed $319 to one of their clients. I had never heard of that client. I called the firm up… and got voicemail hell. I sent an email to the address that I had dug up, not the address on the email. They replied, stating that they were going to sue for what would total several thousand dollars if I didn’t pay immediately. I told them to go for it, pointing out that the invoice that they had sent identified me as living in Washington state; I was in Florida, not that I told them that, just that I was in a state on the other side of the US. This meant that they had sent me someone else’s PII, something I felt sure that the Attorney Generals in Indiana and Washington state and possibly even in Flori-duh might find interesting. And, who knows, possibly the Feds, too. They stopped emailing me. I copied the whole thing to the guy in Washington state (yes, they included his actual email in the stuff they sent, along with his street address, the last four of his credit card, and, incredibly, his complete SSN) and advised him to get a lawyer, they were sending enough information to steal his identity all over. He replied that he was seeking legal advice.

    1. Anonymous Coward

      Re: Simple solution

      Is it just me or does that last long paragraph not parse correctly? Confused over who are the good and bad guys......

      1. WolfFan

        Re: Simple solution

        I got something from someone claiming to be a law firm. They sent a lot of ‘proof’ that I owed a ‘client’ of theirs $319, and they were going to sue me for a total of $3499, yes, really, if I didn’t pay up immediately, no more questions, pay now or else. I told them to go for it. I used their ‘proof’ to contact the actual person who owed the $319, because they, the ‘law firm’ sent me his name, email, street address, last four of his credit card, and full SSN, as part of the ‘proof’ that I owed them, or their ‘client’, $319. They did not explain how the $319 became $3499.

        They were simply scammers, trying a thing. I suspect that the person they targeted didn’t owe the $319, either. I suspect that they were guilty of attempted interstate extortion and/or fraud. They have not contacted me since I told them to bring it on. Nor have any suits, for $3499 or anything else, been filed against me. It’s been over two years. Scam artists, plain and simple.
