Goodbye job applications, hello dream career
Seize control of your career and design the future you deserve with LW career

Law firms caught up in major cyber scam

At least five global law firms with an active presence in the Australian market have been targeted in the latest business email compromise scam.

user iconEmma Musgrave 24 November 2022 Big Law
Law firms caught up in major cyber scam
expand image

Lawyers Weekly understands Allen & Overy, Clifford Chance, Dentons, Herbert Smith Freehills and Hogan Lovells are among the vast number of law firms that were targeted by the business email compromise (BEC) group, Crimson Kingsnake, recently. Dentons declined to comment after a request made by Lawyers Weekly, and the others did not respond prior to deadline.

BEC attacks are a form of targeted phishing whereby cyber criminals impersonate employees and try to scam individuals and/or businesses out of money, goods and/or valuable information.

According to the Australian Cyber Security Centre’s Annual Cyber Report 2020–21, BEC attacks cost Australian organisations approximately $81 million during a 12-month period. Further, the Australian Competition and Consumer Commission (ACCC) received 11,395 reports of BEC attacks in the first half of 2022, costing businesses $12.3 million.

This particular BEC group, Crimson Kingsnake, is understood to have impersonated law firm employees, asking the recipient to approve overdue invoice payments.

The members of Crimson Kingsnake would pose as lawyers, including those in high-up executive roles, to trick and intimidate individuals into providing payment for services that were supposedly provided to them a year ago.

Abnormal Security was the first to raise the alarm on Crimson Kingsnake activity back in March this year. The San Francisco-headquartered software company identified 92 domains linked to the group.

There are certain tactics Abnormal Security said it has observed when it comes to the Crimson Kingsnake group targeting law firms.

Firstly, Crimson Kingsnake email subject lines often contain language such as “overdue”, “unpaid”, “outstanding”, or “final notice” to create a sense of urgency and importance with the recipient, Abnormal Security said.

When a first attempt is made but not successful, Crimson Kingsnake will often try again and introduce a secondary party into the email, posing as someone in an executive position, for the purpose of intimidating the recipient more.

“There are a few things organisations can do to reduce their chances of falling victim to impersonation attacks, like those we’ve seen with Crimson Kingsnake,” Abnormal Security said.

“First and foremost, it’s imperative to prevent social engineering emails from reaching employee mailboxes. To accomplish this, organisations should adopt more modern email security solutions, like a behavioural AI-based, context-aware platform.

“By using software that analyses email identities and content, social engineering attacks can be blocked before employees have the opportunity to engage with them.”

If these attacks do end up in an inbox, Abnormal Security said it’s imperative that there are robust procedures for outgoing payments in place.

“Organisations should have a process for validating that money is getting sent to the correct recipient, particularly for these high-dollar invoices. And security awareness training is imperative, as employees should know to carefully consider sender addresses, especially when an email asks them to share sensitive information or send a payment,” the group said.

The Australian Cyber Security Centre (ACSC) also has recommendations and procedures in place should organisations find themselves being targeted, such as reporting the attack to authorities via ReportCyber.

Next, the ACSC said it’s important to check your account security and secure any compromised accounts.

“Notify contacts and relevant third parties: Alert other employees and clients. Certain businesses have mandatory reporting obligations with regards to customer data breaches,” the ACSC said.

“Seek assistance defending your online brand: Domain names are your internet mail address and your online business identity. If your company has been impersonated, reach out on ReportCyber.

“Contact the email provider: If someone is using an email service to impersonate you (like Gmail or Outlook.com), report this to the provider.”

Emma Musgrave

Emma Musgrave

Emma Musgrave (née Ryan) is the managing editor, professional services at Momentum Media.

Emma has worked for Momentum Media since 2015, including five years spent as the editor of the company's legal brand - Lawyers Weekly. Throughout her time at Momentum, she has been responsible for breaking some of the biggest stories in corporate Australia. In addition, she has produced exclusive multimedia and event content related to the company's respective brands and audiences. 

Prior to joining Momentum Media, Emma worked in breakfast radio, delivering news to the Central West region of NSW, before taking on a radio journalist role at Southern Cross Austereo, based in Townsville, North Queensland.

She holds a Bachelor of Communications (Journalism) degree from Charles Sturt University. 

Email Emma on: This email address is being protected from spambots. You need JavaScript enabled to view it. 

You need to be a member to post comments. Become a member for free today!