• Protection
    • Cybercrime Fraud

Business email compromise in the real world

  • Article

Read these case studies, showing how businesses can thwart email compromise.

BEC thwarted

Wanting to keep up-to-date, a financial assistant was on annual leave when he received an email which instructed him to make an urgent payment. The email purported to be from a colleague so he quickly responded, asking if it could wait until his return.

The assistant received confirmation that this was fine.

On his first day back, the finance assistant created and authorised the payment. However, HSBC identified this as a suspicious transaction and put it on hold. The assistant was then contacted by HSBCnet Fraud Operations team, in order to verify the transaction.

The assistant confirmed that he had, indeed, created and authorised the payment. But, given the prevalence of business email compromise scams, the Fraud Operations team encouraged him to re-check the request. After speaking to the co-worker that he thought had made the original request, the assistant discovered that it was fraudulent and that his colleague's email had been compromised.

The assistant informed the Fraud Operations team and the payment was withdrawn. On this occasion, no money was lost.

The importance of communication

A finance team member received an urgent email, from the company's CFO, asking her to make a payment transfer.

The instructions were marked as `private and confidential' because they related to big business deal. The email stated that the matter should not be discussed with any other member of staff because it may jeopardise the deal's closure. The finance staff went ahead and carried out an authorised transaction.

Later the same day, the team member saw her CFO, mentioning that she had carried out the payment as instructed. The CFO looked puzzled and asked, `what payment?'

Unfortunately, the business suffered a monetary loss.

The member of staff could have simply called or spoken with the CFO, before pressing the `submit' button. If she had, she would have discovered that the email was not a legitimate request and that the CFO's account had been hacked.

Useful links

From the threats to ways to mitigate the risks for your business, find out what you need to know about cybercrime.

Need help?

Get in touch to learn more about our banking solutions