We hear from a London-based creative agency that was targeted by fraudsters last year. What happened and what lessons did the company learn?
For creative agency Sideshow, however, the threat of financial crime became a reality when the company was the victim of CEO fraud last year.
The company's finance department had received an email from Director Tony Hill requesting an urgent payment be made to a supplier on that same day.
It was on a finance update call a few minutes later that the team asked Tony to confirm that the payment was legitimate.
“The invoice amount and supplier didn't sound familiar to me so I double-checked and went straight back to the finance team saying I definitely hadn't sent them an email, and the invoice was not correct,” explains Tony.
The finance team spoke to HSBC asking them to put a stop to the payment and from there, the company's Relationship Management kept in touch regularly providing updates on the case.
“Ultimately, working with the receiving bank, HSBC was able to put a stop to the payment and we got all the money back,” says Tony. “It was, though, a concerning time and taught us some valuable lessons.”
The fraudsters had gained access to Tony's email account when he'd opened an attachment from a senior figure at a fellow agency - enabling them to send the emails requesting a fraudulent payment.
“That email came from someone I knew in the industry but it shows you the reach the fraudsters had. We are now much stricter across the company and staff are told not to open any attachments unless they are 100% sure they are safe - even if they know and trust the sender of the email,” says Tony.
Beyond the IT side of things, the company has reinforced the fact that any emails from the company directors requesting urgent payments must be confirmed over the phone.
“Because we got our money back, this did turn out to be a positive experience for us - we are more aware of the risks that are out there and the threats posed by cybercriminals and have put further security measures in place,” concludes Tony.