Quantuma's Investigations expert Mike Wright advises on the risk of Spoofing attacks to businesses in 2019

2019 should be the year in which all businesses, from small start-ups to large corporations, review their security policies to protect their company from the financial implications of cyber crime.

Figures published earlier this year by cyber security research showed that just over half of small businesses had experienced a cyber security breach in the last year, with fraudulent emails making up 72% of cases.

Quantuma’s investigation team have dealt with a number of spoofing cases in 2018, all of which resulted in amounts of more than £250k being lost directly from clients’ bank accounts.

Spoofing or Business Email Compromise frauds  are emails that, to the receiver, look as though they are genuine communications from trusted colleagues or suppliers.  The most commonly spoofed emails are those of executives and employees with roles in finance, such as CFOs, with the aim of the scammers to misdirect and divert funds into their own accounts.  Many smaller businesses mistakenly believe that they fly under the radar of such scams, but the reality is that they are just as likely to be a target as larger corporations.

However, there have been some positive legal steps in countering this type of fraud.  One of the most significant in 2018 was the first freezing order for “persons unknown”, obtained by law firm Cooke, Young and Keiden.  The landmark ruling means businesses are now able to pursue legal action in fraud cases where the perpetrator is unknown.  The order can compel banks and institutions to freeze any assets or funds related to the crime and ensure they help in identifying the fraudsters.

Insurance group QBE have also taken the initiative in becoming the first to create an eTrade platform which will provide cover for social engineering fraud, which will counter the increasing risk of falling victim to impersonation.

Despite these measures, businesses would be wise not to underestimate the risk that spoofing attacks and poor cyber security pose. Many companies don’t have the money needed to investigate a fraud and will simply try to absorb the cost. Those that have lost substantial amounts of money can suddenly find themselves struggling financially and may even become at risk of insolvency.