Barclays warns customers of the risks of business email compromise

Raising awareness is key.


Business email compromise, also known as "whaling" or "CEO fraud", is one of the biggest threats facing businesses today.

The perpetrators behind the attacks don't need to write sophisticated malware, or breach your computer security systems. All they need to do is send an email to a member of your staff, posing as a senior executive and asking for a sizeable amount of money to be transferred to a bank account under their control.

How big an amount of money?

Well, Ryanair lost $5 million after being targeted by scammers in this way. One of the world’s leading wire and cable manufacturers, Leoni AG, was swindled out of a staggering $44 million through this technique, and aerospace parts manufacturer FACC was defrauded to the tune of $55 million.

And sometimes it's not money. As the likes of Seagate, Snapchat and others have discovered in the past, sometimes the fraudsters are after customer databases or HR records that they can exploit for financial ends.

So I'm delighted to see Barclays Bank releasing videos warning users of the risks of business email compromise.

This problem is primarily a human one. We cannot hope to fight it unless we raise awareness, and train staff to follow proper procedures when asked to move money or email sensitive documents.

As I explain in my own YouTube video, it should be ok to say "no" to the CEO.


5 Responses

  1. Phil Potts

    January 30, 2017 at 3:24 pm #

    This is excellent. Well done, Barclays.

  2. Bob

    January 30, 2017 at 9:18 pm #

    Barclays digitally sign their emails which is great. I wish more banks would as it'd vastly improve security.

  3. Mordac

    January 31, 2017 at 11:00 am #

    These videos are excellent, so I looked for a way to ask permission to reuse them in our internal awareness training. No hints about email address format on the website – good! – but also no indication of how to contact security, so I tried "security@…".

    And it bounced. "No such mailbox".

    Oh /Barclays/…

    • Bob in reply to Mordac.

      January 31, 2017 at 11:42 am #

      Try writing to them at: Barclays Bank PLC, 1 Churchill Place, London E14 5HP.

      Anything you receive via email is legally useless if they turn around and say to you (or your company) that their legal / media department didn't give permission. The last thing you want is a copyright claim.

  4. Michael Ponzani

    January 31, 2017 at 8:25 pm #

    Posting pics of our privates. Lascaux cave paintings. Etruscan wall graffiti. Blah, blah, blah. Has the biggest dick in town. Which is why we get into trouble. I bet if their "One stripes" looked like a pea stuck on an immature green bean with two radish SEEDS hanging down, they wouldn't post it. (I can't post mine.)
