It started with an email…
by Aaron Flack on Apr 11, 2023
It’s a bright, sunny autumn morning. A fresh crispness in the air barely hints at the colder weather to come. Jane swipes her security card at the main door and waves to the security guard as she heads to the lift.
“I’ll take the stairs tomorrow,” she thinks to herself.
On the third floor, Jane swipes her card again to get into her office. She’s the first one in, as usual.
Jane notices a new poster by reception titled Internal Email Protection and is reminded of the webinar that IT recently hosted all about email security and how to spot hackers.
She heads to the kitchen to make coffee. Double shot today. It is 8am on Monday morning after all.
The fancy machine has her drink ready in no time, so Jane is soon at her desk, logging in to her computer and firing up her email.
“Right then,” she scans the unread messages in her inbox, “what have we got today?”
___________
“Oh man, I can’t be late again,” Peter groans as he steps out of the station and into the bright sunlight. He squints and curses himself for forgetting his sunglasses as he breaks into a brisk walk.
By the time he reaches the office he’s built up an uncomfortable sweat. “Why is it so warm still in October?” he wonders.
He’s five minutes late but at least there’s not one of those card access systems that tracks every movement. As long as he can sneak in without his boss noticing he’ll be fine.
“Peter! Nice of you to join us.”
Oh.
“Morning. Sorry, my train was—”
“Whatever, I don’t want to hear it. Just get on with your work, we’ve got a busy day today.”
Peter nods and scurries to his desk. At least he doesn’t have to wait for his computer to boot up. It’s just as he left it on Friday - email open, ready to go.
___________
By 9am, Jane has dealt with all her new emails. Except for one. It didn’t look quite right so she decided to get all the simple stuff of the way first and then come back to it when she could give it her full attention.
It’s from someone she knows. Well, knows of. Graham, in the sales team. The strange thing is he’s sent over new payment account details for a supplier. Now, it’s not unusual for a salesperson to chase up a supplier as holdups at that end could delay products getting to customers. But any changes to payment details would normally come straight from the supplier to Jane’s team. Graham appears to have forwarded an email from the supplier, but Jane knows that isn’t the same as receiving it directly. The real clincher is the timing of the email. 7:45am. She knows for a fact that the sales team don’t start work that early, and definitely not on a Monday.
So, she picks up the phone and dials Graham’s extension.
Someone else answers and explains that he’s on holiday this week.
“How strange,” Jane thinks. “I’d better check this with IT, this sounds like one of those spear phishing things they told us about.”
___________
“Peter! You’re late for the meeting!”
“Sorry, sorry, just sorting out my emails, I’ll be there in a sec.”
Peter yawns and mutters under his breath. Not quite loud enough for his boss to hear.
He has an email marked URGENT open on his screen. Something about changing supplier payment details so a big order can be processed this morning.
“Always so impatient these salespeople,” Peter thinks. “Good job I’ve already got that system open. I can change those details in no time.”
He copies the details from the email into the accounts system and sends a quick reply to let sales know it’s done. “Bet I don’t even get a thank you,” he sighs.
Peter jumps up from his desk, leaving his computer unlocked again. Sure, someone might change his background to something silly while he’s gone, but it’s kinda funny. And then he can get them back later.
___________
“No, it’s no trouble at all Jane. It’s like we always say, if you’re unsure about anything it’s best to double check. We’ve got lots of security controls in place, like firewalls and endpoint protection, but hackers can be really devious, and use tricks like this to fool our employees into doing their bidding.”
Jane smiles to herself and forwards the email as requested.
“Yep, this definitely looks like the Ciphers.”
“Who?”
“The Clan of Ciphers. It’s a hacking group that has been getting a lot of attention recently. This has got their fingerprints all over it. It looks like a BEC attack.”
“BEC?”
“Sorry, we love our acronyms here. Business email compromise. They spoof an email address that you recognise and then ask for some sort of payment or account change. They try and trick people into handing over money or confidential information. I’ll run some checks on the server and see if we can trace them.”
“What should I do with the email?”
“Delete it please. It definitely didn’t come from Graham. And good job spotting it, this could have been nasty.”
“Well, I remembered the webinar you hosted recently, all the stuff about brand protection, that’s why I was suspicious.”
Jane hangs up and greets her colleague opposite who’s just arrived.
“Busy morning, Jane?”
“Oh, no more than usual. Looks like there’s another email scam going around but IT are on it.”
___________
“Peter! Where have you been?”
“Um, in a meeting? I—”
“Never mind. Did you update the account details for Atlantis this morning?”
“Er, yeah? I think so, I was in a rush. There was an urgent—”
“Who made the request?”
“I had an email, from, er, someone in sales.”
“Right, well we’ve just sent them payment for that big order we’ve been working on for months.”
“Oh great, good job I changed—”
“No! Not great. They haven’t received it. The money is gone.”
“But…”
___________
The email Peter had received was very similar to the one Jane had. It looked as though it was from a colleague, but it had in fact originated outside the organisation. From the Clan of Ciphers. The new account details were theirs and they now have all the money intended for the supplier. Peter’s company is out of pocket and unable to fulfil their customer’s order on time.
“How was I supposed to know?” Peter asks as he sits in his boss’s office. “It was an urgent email from sales.”
“Since when have sales been responsible for payment details for suppliers?”
“Well, er, I mean…”
“Exactly. Look, this is bad. We’re talking about hundreds of thousands of pounds that we might not get back here. People could lose their jobs.”
Peter gulps and slumps in his chair. It’s not even lunchtime yet. What a start to the week.
___________
Don't be a Peter. Be a Jane.
Protect your business from domain spoofing scams like Jane's employer.
Are you concerned about the cyber security risks facing your organization? Take the first step towards stronger protection. Discover how our expert services can help your organization avoid the same mistakes. Contact us today to schedule a consultation and take the next step towards securing your business.
Don't be a Peter. Be a Jane.
You May Also Like
These Related Stories
Become PCI DSS v4 Compliant with Conosco EDS
The Payment Card Industry Data Security Standard (PCI DSS) is an internationally recognised information security standar …
Strengthening Your Castle: The Importance of Email Domain Security
In today's digital age, email is the backbone of communication for individuals and businesses alike. However, the conven …
Information & Cyber Security – Your Questions Answered
According to the Institute of Directors (IoD), there are more than 7 million cyber-crime attacks on small to mid-sized b …