- Cybersecurity & Privacy - Identity & Authentication Management
- Cybersecurity & Privacy - Intrusion Detection
- Buildings
- Finance & Insurance
- Quality Assurance
- Tamper Detection
- Usage-Based Insurance
- Training
The customer is a leading independent insurance broker based in the UK. They specialize in providing insurance advice for high-value business mergers and acquisitions. As such, they process a wealth of sensitive data. Despite maintaining a high level of security, they were compromised by a cybercriminal and used as a platform to launch a Business Email Compromise (BEC) attack. The firm was keen to understand the extent of the compromise and how to safeguard against similar threats in the future. They needed support from an expert cybersecurity company to help shed light on events surrounding the attack.
A leading independent insurance broker, specializing in providing insurance advice for high-value business mergers and acquisitions, was compromised by a cybercriminal. The firm was used as a platform to launch a Business Email Compromise (BEC) attack, designed to trick one of its clients into paying two open invoices, with a total value close to £300k, into an alternate bank account. The attack was detected before any payment was made, thanks to a vigilant member of staff from the client company who insisted on verbal verification of the financial details supplied. However, the firm was keen to understand the extent of the compromise and how to safeguard against similar threats in the future. They needed support from an expert cybersecurity company to help shed light on events surrounding the attack.
The firm turned to Redscan, a leading provider of threat detection and response services, to conduct a full forensic investigation. The initial focus of Redscan’s assessment was the analysis of email logs relating to the Office 365 accounts suspected of being used to instigate the fraud. The team identified that a phishing email had been received by a senior-level employee's account six weeks prior to the BEC attack. The phishing email, purporting to be from Microsoft®, claimed that the user’s account may have been accessed and requested that the user sign in to review activity for security reasons. Redscan's analysis revealed that the attackers had used the information gathered in reconnaissance to create a chain of spoof email communications designed to imitate the compromised user and request payment of the outstanding invoices to a substitute bank account. The Redscan team produced a formal incident report outlining a full timeline of events and included recommendations to help the firm prevent and detect future attacks.
Case Study missing?
Start adding your own!
Register with your work email and create a new case study profile for your business.