A College’s finance team receive an email, purporting to be from the CEO who is based in another office, asking for a payment to be made to a supplier of £10,000, stating it is urgent and for consultation work they have already done. Even though it is unlike the CEO to make requests in this way, it is processed by a finance officer who makes the payment to the bank account information given in the email.
The payment is flagged to the CEO who says he sent no such email, and on closer inspection the email address is slightly different, with a number of spelling and style mistakes in the text also.
The business reports the incident, but it will be extremely difficult to track down who received the money and retrieve it.
This is just one type of Phishing attack which can affect businesses of every size and industry. Whether looking to steal sensitive data or, as in this case, money, smaller businesses have seen their doors shut due to the financial loss caused by cyber criminals. If you have any suspicions about the emails you receive or the links that you are being asked to click, beware.