Barclays warns customers of the risks of business email compromise

Raising awareness is key.

Graham cluley
Graham Cluley
@[email protected]
It could happen to anyone…don't let your business be next

Business email compromise, also known as “whaling” or “CEO fraud”, is one the biggest threats facing businesses today.

The perpetrators behind the attacks don’t need to write sophisticated malware, or breach your computer security systems. All they need to do is send an email to a member of your staff, posing as a senior executive and asking for a sizeable amount of money be transferred to a bank account under their control.

How big an amount of money?

Sign up to our free newsletter.
Security news, advice, and tips.

Well, Ryan Air lost $5 million after being targeted by scammers in this way. One of the world’s leading wire and cable manufacturers, Leoni AG, was swindled out of a staggering $44 million through this technique, and aerospace parts manufacturer FACC was defrauded to the tune of $55 million.

And sometimes it’s not money. As the likes of Seagate, Snapchat and others have discovered in the past, sometimes the fraudsters are after customer databases or HR records that they can exploit for financial ends.

So I’m delighted to see Barclays Bank releasing videos warning users of the risks of business email compromise.

This problem is primarily a human one. We cannot hope to fight it unless we raise awareness, and train staff to follow proper procedures when asked to move money or email sensitive documents.

As I explain in my own

rel="nofollow" title="Link to YouTube video">YouTube video, it should be ok to say “no” to the CEO.

Security means sometimes saying no to your CEO | Graham Cluley

Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.

Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, on Mastodon at @[email protected], or drop him an email.