Is that email from the person you think it is?

Often criminals pretend to be someone from within your company in order to trick you into transferring money or share information that they can later use in an attack.

Here’s a very simple one that arrived yesterday, apparently from the CEO’s email account:


How much are we paying in fees for our business account?

[CEO’s first name]

That’s it. No phishing link, no typos or fake graphics, and it’s using casual language, as if between people who know each other well. But a/. it’s not the kind of question that this CEO would have asked and b/. checking the actual email address indicates that it is from somewhere very odd indeed.

So what is the point of it? Probably to start a conversation in which the recipient would have revealed the name of the bank that the company does use, and possibly some other useful information to support a targeted attack. Or the attacker may even have persuaded the recipient to transfer money to “a bank account with lower fees” (otherwise known as the criminal’s bank account).  

In this case, the criminal hadn’t got access to the CEO’s email account, and it was easy to spot something was wrong—but this isn’t always the case. This kind of email attack is on the rise and is a threat to organisations of all sizes.

The NCSC has produced new guidance to help protect your organisation from this kind of attack, which is known as business email compromise. It’s worth taking time to check whether you have implemented their recommended steps—these attacks can be very convincing.  

If you’d like help with implementing cyber security measures in your own business, contact the Click and Protect team on 0113 733 6230, or via our contact form.