It used to be that one of the sure ways to identify a phishing email was to notice grammatical errors or broken English in the text of the communication. Thanks to new translation tools like Google Translate, which are available worldwide, threat actors can translate a phishing email into any language, so it sounds authentic to the recipient and pull off a business email compromise attack (BEC) effortlessly.

Unfortunately, that is exactly what two threat actor groups are doing as we speak. According to Abnormal Intelligence, threat groups Midnight Hedgehog, “which engages in payment fraud,” and Mandarin Capybara, “a group that executes payroll diversion attacks” have “launched BEC campaigns in at least 13 different languages.”

According to Abnormal Intelligence, threat actors are using the same legitimate commercial tools that sales and marketing teams use to launch BEC campaigns, including collecting “leads” in a state or country. Using translation tools, they can launch multiple campaigns in different countries using the same text translated into the native language.

Midnight Hedgehog launches payment fraud attacks by targeting finance personnel and executives involved in financial transactions by spoofing the CEO. Before doing so, they “thoroughly research their target’s responsibilities and relationship to the CEO and then create spoofed email accounts that mimic a real account.”

The Mandarin Capybara group also impersonates executives and targets human resources personnel to carry out payroll diversion schemes to change direct deposit information to divert the executive’s pay to a fraudulent bank account. To combat these attacks, Abnormal Intelligence suggests that companies “put procedures in place to verify outgoing payments and payroll updates and keep your workforce vigilant with security awareness training.” It also suggests beefing up security through behavioral analytics.

Photo of Linn Foster Freedman Linn Foster Freedman

Linn Freedman practices in data privacy and security law, cybersecurity, and complex litigation. She is a member of the Business Litigation Group and the Financial Services Cyber-Compliance Team, and chairs the firm’s Data Privacy and Security and Artificial Intelligence Teams. Linn focuses her…

Linn Freedman practices in data privacy and security law, cybersecurity, and complex litigation. She is a member of the Business Litigation Group and the Financial Services Cyber-Compliance Team, and chairs the firm’s Data Privacy and Security and Artificial Intelligence Teams. Linn focuses her practice on compliance with all state and federal privacy and security laws and regulations. She counsels a range of public and private clients from industries such as construction, education, health care, insurance, manufacturing, real estate, utilities and critical infrastructure, marine and charitable organizations, on state and federal data privacy and security investigations, as well as emergency data breach response and mitigation. Linn is an Adjunct Professor of the Practice of Cybersecurity at Brown University and an Adjunct Professor of Law at Roger Williams University School of Law.  Prior to joining the firm, Linn served as assistant attorney general and deputy chief of the Civil Division of the Attorney General’s Office for the State of Rhode Island. She earned her J.D. from Loyola University School of Law and her B.A., with honors, in American Studies from Newcomb College of Tulane University. She is admitted to practice law in Massachusetts and Rhode Island. Read her full rc.com bio here.