top of page

Sophisticated Email Fraudsters Targeting Businesses



Businesses are increasingly at threat from cyber attackers who are using sophisticated emails to extract money. Leading Dorset-headquartered cyber-security company C3IA Solutions said Business Email Compromise (BEC) is a fast-developing crime.


Those within companies who have the authorisation to handle or approve financial transactions are the usual targets. One method criminals use is to create an email that looks like it comes from a known contact and worded in a way that persuades the target to send money.


But with filters and security getting better, this type of attack is proving less effective, but a more malicious method is replacing it. This is when attackers compromise a legitimate email account or IT network of a supplier, contractor or business partner.


Tactics include waiting for a genuine email asking for payment to be sent to the target, then issuing a follow-up email from the same account saying the bank details have changed – and providing the hackers’ own.


The criminals are also utilising AI so they can replicate the type of wording used in genuine emails so their fraudulent ones sound right as well as look right.


Rory Griffin from C3IA Solutions, based in Poole, said:

“Government figures show that about half of all businesses have reported a cyber breach or attack, and BEC attacks make up a large number of them."

“The attacks using personalised, impersonation emails are becoming less and less likely to succeed because of better filters and security. But a compromised, legitimate and known email account would not be picked up by spam filters, and the recipient already trusts information from that account. This is what hackers are now using."


“And utilising AI means that even if the criminals are working from abroad and don’t speak English, they can accurately replicate wording that the recipient would recognise. Businesses are only responsible for the cyber security measures inside their own organisations, but it doesn’t mean they can’t speak to business partners to discuss mutual security."


“Collaborating with contacts and partners could prove a valuable alliance. It is worth finding out if partners use multi-factor authentication or two-step authentication across all their accounts. It is useful to decide upon an unwritten one-time codeword only to be used if the already-agreed and documented bank details are changed."


"Internal cyber security practices can also be improved, by such things as specialised training for the employees who handle or approve financial transactions. This could include things like following up a change in bank details with a telephone call, in order to prove it is genuine. Although not always practical, this would be an extra assurance step before transferring money out of the business."


“Not all protective measures need to be technical in nature; a renewed sense of understanding, gained through education and awareness activities, is sometimes all that is required to identify and thwart a potential cyber-attack.”

Most Read

Derbyshire Beauty Salon 'Made-Up' By Awards Win

Derbyshire Beauty Salon 'Made-Up' By Awards Win

A Derbyshire beauty salon is celebrating after winning top prize in its category at the industry’s biggest national beauty awards...

Strategic Promotions At Vail Williams

Strategic Promotions At Vail Williams

Property consultancy Vail Williams has made four strategic mid-year promotions as business demand continues to grow. These include a...

Inspirational Ladies Return To House Of Commons For 2025 Awards

Inspirational Ladies Return To House Of Commons For 2025 Awards

A prestigious event at London’s House of Commons this week marked the launch of a national awards campaign to celebrate some the...

Categories



Businesses are increasingly at threat from cyber attackers who are using sophisticated emails to extract money. Leading Dorset-headquartered cyber-security company C3IA Solutions said Business Email Compromise (BEC) is a fast-developing crime.


Those within companies who have the authorisation to handle or approve financial transactions are the usual targets. One method criminals use is to create an email that looks like it comes from a known contact and worded in a way that persuades the target to send money.


But with filters and security getting better, this type of attack is proving less effective, but a more malicious method is replacing it. This is when attackers compromise a legitimate email account or IT network of a supplier, contractor or business partner.


Tactics include waiting for a genuine email asking for payment to be sent to the target, then issuing a follow-up email from the same account saying the bank details have changed – and providing the hackers’ own.


The criminals are also utilising AI so they can replicate the type of wording used in genuine emails so their fraudulent ones sound right as well as look right.


Rory Griffin from C3IA Solutions, based in Poole, said:

“Government figures show that about half of all businesses have reported a cyber breach or attack, and BEC attacks make up a large number of them."

“The attacks using personalised, impersonation emails are becoming less and less likely to succeed because of better filters and security. But a compromised, legitimate and known email account would not be picked up by spam filters, and the recipient already trusts information from that account. This is what hackers are now using."


“And utilising AI means that even if the criminals are working from abroad and don’t speak English, they can accurately replicate wording that the recipient would recognise. Businesses are only responsible for the cyber security measures inside their own organisations, but it doesn’t mean they can’t speak to business partners to discuss mutual security."


“Collaborating with contacts and partners could prove a valuable alliance. It is worth finding out if partners use multi-factor authentication or two-step authentication across all their accounts. It is useful to decide upon an unwritten one-time codeword only to be used if the already-agreed and documented bank details are changed."


"Internal cyber security practices can also be improved, by such things as specialised training for the employees who handle or approve financial transactions. This could include things like following up a change in bank details with a telephone call, in order to prove it is genuine. Although not always practical, this would be an extra assurance step before transferring money out of the business."


“Not all protective measures need to be technical in nature; a renewed sense of understanding, gained through education and awareness activities, is sometimes all that is required to identify and thwart a potential cyber-attack.”

Most Read

Derbyshire Beauty Salon 'Made-Up' By Awards Win

Derbyshire Beauty Salon 'Made-Up' By Awards Win

A Derbyshire beauty salon is celebrating after winning top prize in its category at the industry’s biggest national beauty awards...

Strategic Promotions At Vail Williams

Strategic Promotions At Vail Williams

Property consultancy Vail Williams has made four strategic mid-year promotions as business demand continues to grow. These include a...

Inspirational Ladies Return To House Of Commons For 2025 Awards

Inspirational Ladies Return To House Of Commons For 2025 Awards

A prestigious event at London’s House of Commons this week marked the launch of a national awards campaign to celebrate some the...

Categories

Land With Potential For Mooring On The River Trent Is Up For Sale

Land With Potential For Mooring On The River Trent Is Up For Sale

A rare strip of riverside land on the banks of the River Trent in West Bridgford is up for sale. The approximately 30-metre strip of land...

Eurostar Foods Launches Green Farm Collective

Eurostar Foods Launches Green Farm Collective

The four farmer founders of The Green Farm Collective (TGFC) have teamed up with Eurostar Commodities to develop a line of flours...

Property Consultancy Batting For Middlesex Disability Cricket

Property Consultancy Batting For Middlesex Disability Cricket

Property consultancy Vail Williams is padding up to support Middlesex Cricket’s disability squads for the 2025 season. The firm will...

Recent Posts

bottom of page