0845 287 3622

Picaw - Security Systems For Business

Spoofed Email Transfer Requests: A Dangerous Type Of Fraud

Learn from my own experience ...


Recently, our financial controller received an email, purporting to come from me, requesting a bank transfer. It showed my email address and our financial controller requested further details ...

I'm glad we have a suspicious financial controller. That spoofed email could have cost us a lot of money!


Even though the email showed the reply going to me, the reply actually went to the fraudster's email address, not mine! The request was to transfer £11,500.00 to Allied International UK Ltd, Account number: 50464767, Sort code: 20-48-42.

"Fortunately, our financial controller was suspicious about such a big transfer, so called me to express his concern!"

We reported the issue to the Police, who took the details, said "you don't need to contact us again, we will contact you if necessary!", gave me a case reference number and then hung up.

Using a sort code search, I identified the fraudster's bank to be Barclays Bank in Leicester, so contacted the Barclays fraud team and advised them of the details. Apart from having to wait 21 minutes for my call to be answered, they were very interested (much more so than the police were) and took all the details.

I then contacted our email specialist for assistance in preventing a re-occurrence. He advised me that Microsoft Outlook allows an email to be sent by the fraudster and yet show a different sender (my email address) and the reply goes to the fraudster, not the apparent sender!

Whilst our email server will reject incoming emails from anyone using our company email addresses as "not sent from this domain", the hidden fraudster's email address circumvents this security. The specialist's view was that there is little to be done without setting up fully authenticated email.

So what can we learn from this event?

  1. Make sure there is a level of authentication within the organisation over and above email requests for any transfer of funds.

  2. If you receive a suspicious email, check the properties of the email to see the details of the sender.

  3. Consider the use of authenticated email.

  4. Pass on the information of this scam so others are aware.

  5. Be constantly alert for fraud.

  6. If you receive an email to change any bank account details, call the sender (checking any telephone numbers in the email are correct) before making the requested changes.
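
The header check in point 2 can be partly scripted: compare the address a message displays with the addresses a reply or bounce would actually reach. This is an added example, not part of the original post; the message, the `example.co.uk` and `mail-example.net` domains and the function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message; none of these addresses come from the incident.
SAMPLE = """\
Return-Path: <accounts@mail-example.net>
Authentication-Results: mx.example.co.uk; spf=pass smtp.mailfrom=mail-example.net; dmarc=fail header.from=example.co.uk
From: "Managing Director" <director@example.co.uk>
Reply-To: "Managing Director" <director@mail-example.net>
To: finance@example.co.uk
Subject: Urgent transfer request

Please arrange a bank transfer today and reply to confirm.
"""

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def check_sender(raw_message, own_domains):
    """Return {finding: detail} describing where replies and bounces really go."""
    msg = message_from_string(raw_message)
    shown = domain_of(msg.get("From"))          # what the mail client displays
    reply = domain_of(msg.get("Reply-To"))      # where "Reply" is addressed
    bounce = domain_of(msg.get("Return-Path"))  # envelope sender seen by the server
    findings = {}
    if reply and reply != shown:
        findings["reply-to-mismatch"] = f"From {shown}, Reply-To {reply}"
    if bounce and bounce != shown:
        findings["return-path-mismatch"] = f"From {shown}, Return-Path {bounce}"
    if shown in own_domains and reply and reply not in own_domains:
        findings["external-reply"] = f"looks internal, replies go to {reply}"
    # Simple substring check; only trust this header when your own mail
    # server added it, since a sender can include a forged copy.
    auth = (msg.get("Authentication-Results") or "").lower()
    if "dmarc=pass" not in auth:
        findings["no-dmarc-pass"] = auth or "header missing"
    return findings

if __name__ == "__main__":
    for name, detail in check_sender(SAMPLE, {"example.co.uk"}).items():
        print(f"{name}: {detail}")
```

A mismatch is a reason to phone the apparent sender, not proof of fraud: mailing lists and helpdesk systems legitimately set a different Reply-To.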

Because we work so closely with many different customers, I'm meticulous about security on our network because what impacts us can impact them too.

"But this is incredibly difficult for automated systems to identify!"

At a bare minimum, I'd suggest putting limits on what your team members can do without verbal consent from you, especially when it comes to cash transfers out of your company's bank accounts!

Until next time ...



If you'd like any further information, then do call me on 0845 287 3622.


Why not visit www.picaw.com and find out more?


More about Peter Williams ...

While working with Volvo in the late 70’s I realised the way forward in international component distribution was computing. I created a company distributing components for several international manufacturers using the 'new' computers of the day. I quickly realised we needed our own programs so started writing distribution software. I grew the company by developing the software until I eventually sold my shares 20 years later, but retaining the rights to the software. I continued developing the software and supplied it to several similar companies where the software is still used today.

During 1999, I was asked by a friend to develop a facility to video the live sea conditions on the south coast accessible on the internet. Working with a Linux software developer I created our first remote video application. The internet boom of 2000 allowed me to develop a commercial application forming the basis of our systems today.

