Cyber Security – Email Fraud Investigation

Client Name: Corporate Organisation

The Challenge: Staff at a small business had been tricked into making payments into bogus bank accounts by an attacker using cleverly forged emails, apparently from the client’s Managing Director. Other forged emails had also been sent using different techniques and the client wished to ensure that attacks like these would not succeed again.

Overcoming the Challenge: These were sophisticated attacks, making use of a variety of technologies and leveraging simple human weakness – most staff in most organisations just want to do the right thing, but can be too helpful to an attacker if they can’t read the warning signs.

CCL collected samples of the fraudulent email for forensic analysis and conducted structured one to one interviews with Directors, senior management and the client’s outsourced IT contractor. An analysis of all the information provided during this process was performed and a report produced including:

Identification of the weaknesses exploited by the attacker
A general assessment of the client’s cyber-security maturity using Cyber Essentials as a benchmark
Suggested improvements in People, Process and Technology elements to eliminate both the weaknesses used by the attacker and others found by the benchmark.

The Result: The client implemented CCL’s suggested improvements including improvements in its technology, changes in some key business processes and staff training and awareness of contemporary cyber threats. The client has suffered no further losses and has also benefitted from improvements which make it far less susceptible to other forms of attack, including ransomware and remote access toolkits.

Sign up

Sign up to receive the latest news and insight from CCL Group.