Cyber Threat Weekly

Business Email Compromise

August 28, 2020 WMRCCU Season 1 Episode 15
Cyber Threat Weekly
Business Email Compromise
Show Notes Transcript

This episode talks about the Business Email Compromise along with Pension Scams and more. 

After listening to this podcast please visit Action Fraud, Take Five, National Cyber Security Centre and the West Midlands Cyber Protect Websites for more guidance on all things relating to online Security.

Our host today is Patrick, a Detective and Cyber Protect officer for the Regional Cyber Team part of the Regional Organised Crime Unit for the West Midlands.

Also covering the West Midlands is Sean Long – WMPDigitalPCSO, Warwickshire and West Mercia is James Squire - cyberpcso and Staffordshire Police area is Mathew Hough-Clews and can be found at sp_digitalpcso.

To contact us please email us at

Hello, my name is Patrick and I'm a detective and cyber protect officer from the West Midlands Regional Cybercrime Unit. 

Today's date is Friday the 28th of August 2020, and these are your Cyber Threat Weekly headlines. A rise in business email compromise, 15 year old boy arrested in Merseyside for hacking into PayPal accounts. A Russian national has been arrested in the US attempting to recruit an insider and hack a Nevada based company. Pension savers have reported to actual fraud over 30 million pound has been stolen in scams, and nearly half of all UK IT leaders have not upgraded to cloud security. 

Business Email Compromise is basically a type of phishing email, it usually gets sent to somebody who is in a position to transfer funds and or sensitive information. 

Three common examples are, a company that is frequently dealt with contacts you to update banking details. A person in charge of a company or organisation contacts somebody within say finance department asking them to transfer funds which are slightly different to what they normally are. An example in relation to more of an individual as opposed to company would be if somebody was purchasing a house, and they received emails saying that there was a slight correction to the bank details which they needed to use to make their down payment.

Merseyside Police have arrested a 15 year old male for hacking into a number of PayPal accounts earlier in 2020, within the UK. The male has subsequently been released pending further investigation, On arrest under the Computer Misuse Act 1990, a number of high value items such as iPhones, Apple watches, and other electronic devices were seized on arrest. As ever suspected, these items were purchased from the proceeds of crime. 

Wednesday, the 26th of August 2020, the US Department of Justice announced they had levied a number of charges against a Russian male who had travelled to Nevada in the US, and was suspected to have had the intention to convince an employee of the Nevada based company to plant malicious software within its network in exchange for a million dollars. The charges also stated the intention was to steal highly sensitive company information to be later used to blackmail and extort for a much higher sum of money. 

Action Fraud and the Financial Conduct Authority have issued advice to people who have pension saving schemes. Since 2017, between 1000, and 500,000 pound has been stolen from individuals amounting to a total of 30,800,000. A lot of these scams originate online and offer very attractive investment opportunities. Regulators recommend taking the four following steps, which can assist with detecting real from fake scams. 

First of all, never feel pressurised into agreeing to any scheme being offered. 

Secondly, fairly safe to reject almost automatically any completely out the blue scheme being offered to you. 

Third, check who you're dealing with, they may be genuine however, there are very trusted sources such as financial regulators and Action Fruad that can provide information about who you're dealing with.

Fourth get impartial advice or for want of a better word second opinion is always a good option. 

Finally, 47% of IT leaders and in a recent survey had not updated their security strategies to account for the increasing move towards the cloud environment. On site security measures such as Intrusion Protection Systems, and antivirus have not always been seen as suitable and often cause performance bottleneck issues.

For additional guidance, please visit the National Cyber Security Centre (NCSC), Action Fraud and the Take Five campaign websites. Also please do not hesitate to contact us with regard to training, advice and guidance on how to protect and prepare yourself or your business online. 

Thank you