Barclays warns customers of the risks of business email compromise

Raising awareness is key.

Graham Cluley
It could happen to anyone…don't let your business be next

Business email compromise, also known as “whaling” or “CEO fraud”, is one of the biggest threats facing businesses today.

The perpetrators behind the attacks don’t need to write sophisticated malware, or breach your computer security systems. All they need to do is send an email to a member of your staff, posing as a senior executive and asking for a sizeable amount of money to be transferred to a bank account under their control.

How big an amount of money?

Well, Ryanair lost $5 million after being targeted by scammers in this way. One of the world’s leading wire and cable manufacturers, Leoni AG, was swindled out of a staggering $44 million through this technique, and aerospace parts manufacturer FACC was defrauded to the tune of $55 million.

And sometimes it’s not money. As the likes of Seagate, Snapchat and others have discovered in the past, sometimes the fraudsters are after customer databases or HR records that they can exploit for financial ends.

So I’m delighted to see Barclays Bank releasing videos warning users of the risks of business email compromise.

This problem is primarily a human one. We cannot hope to fight it unless we raise awareness, and train staff to follow proper procedures when asked to move money or email sensitive documents.

As I explain in my own video, it should be ok to say “no” to the CEO.

Security means sometimes saying no to your CEO | Graham Cluley


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

5 comments on “Barclays warns customers of the risks of business email compromise”

  1. Phil Potts

    This is excellent. Well done, Barclays.

  2. Bob

    Barclays digitally sign their emails which is great. I wish more banks would as it'd vastly improve security.

  3. Mordac

    These videos are excellent, so I looked for a way to ask permission to reuse them in our internal awareness training. No hints about email address format on the website – good! – but also no indication of how to contact security, so I tried "security@…".

    And it bounced. "No such mailbox".

    Oh /Barclays/…

    1. Bob · in reply to Mordac

      Try writing to them at: Barclays Bank PLC, 1 Churchill Place, London E14 5HP.

      Anything you receive via email is legally useless if they turn around and say to you (or your company) that their legal / media department didn't give permission. The last thing you want is a copyright claim.

  4. Michael Ponzani

    Posting pics of our privates. Lascaux cave paintings. Etruscan wall graffiti. Blah, blah, blah. Has the biggest dick in town. Which is why we get into trouble. I bet if their "One stripes" looked like a pea stuck on an immature green bean with two radish SEEDS hanging down, they wouldn't post it. (I can't post mine.)
