Lessons from a breached email and inheritance theft

We all spend almost every day plugged into our emails. For most of us, this is our primary source of communication with the rest of the world – whether for work or our personal lives.

However, despite its utility, email communications can have a darker side. This blog will help answer what threats exist, why email security matters, and, most importantly, what can be done to defend against these threats. Plus, we will look at a real-life case in which email was used to steal hundreds of thousands of pounds.

What vulnerabilities could exist in my email security?

So, what vulnerabilities could exist when using your email? The first and greatest threat is phishing. I won’t discuss this further, as there is already lots of good information available about phishing, including this blog post.

Phishing also has a close cousin. We’ve all received an email at some point from what appears, on first look, to be a legitimate sender. For instance, you might receive an email from an address at ‘arnazon.com’ asking you to update your card details. It looks legitimate if you just glance at it (which is what cybercriminals are banking on) but leads to a fake corporate website which cybercriminals will use to steal your financial information. This is known as ‘spoofing’. 

Another vulnerability which extends beyond email is weak authentication. In layman’s terms, this is having a poor password: one that is either short or easily guessable, such as a piece of information that is known by you, for example your pet’s name or your birth date.

This information can be used to launch further threats, such as man-in-the-middle attacks. These involve intercepting and potentially altering email communication between two parties to deceive or scam one or both of them.

Of course, these are only a few of the many vulnerabilities that exist, but they give us an idea of what is out there.

What are the possible impacts of these vulnerabilities?

It’s easy to assume that email security is not your greatest concern. Why would anyone want to attack you? Well, there are many reasons. Whether you are using your personal email or your work email, these are some of the possible impacts you could experience:

Identity Theft

Identity theft can lead to financial losses for you or your business, reputational damage and even legal issues.

Malware Infections

A successful malware attack could lead to the loss of important proprietary or customer data. This could prevent your business from being able to operate.

Data Breach

Sensitive information could be stolen and used against you. This could be intellectual property, the loss of which could disadvantage your business. It could also see your business breach regulations, face legal consequences and receive fines.

The breached email and inheritance theft

Whilst working as a cybercrime detective in the police, I dealt with many cases that involved email as the attack method.

One such case involved a solicitor. As you can imagine, security is a top priority considering the sensitive data solicitors process, and this solicitor had done almost everything right. They had a business-owned domain and an IT team to look after it and ensure security.

The firm’s security measures included IP whitelisting (which will be key in a minute). ‘Whitelisting’ is a security strategy that prevents users from logging into internal company platforms from anywhere other than ‘trusted locations’. For example, a ‘trusted location’ could be your head office or coworking space. In this case, there was only one trusted location, the solicitors’ office. 

What went wrong? 

Due to the pressures of the job, one solicitor in the firm decided to work outside of the office in the evenings and on weekends. To do this, they created a new email using the solicitors’ business name.

Here’s where things go wrong.

Unfortunately, this account was discovered by a cybercriminal and a weak password allowed them access to the inbox. The cybercriminal noticed one conversation that piqued their interest. The solicitor was dealing with an inheritance case and was working with the deceased’s family to distribute assets and money from the deceased’s will. 

The cybercriminals hijacked this conversation, adding a forwarding rule so that any responses would be forwarded into a concealed folder. This prevented the solicitor from seeing them and allowed the messages to be altered and dropped back into the solicitor’s inbox.

The cybercriminals intercepted an email from one of the family members containing a document which detailed the bank account the inheritance money was supposed to be transferred to. Seeing this, the bad guys pounced, changing the bank details to their own.

The solicitor logged this information and continued with the formalities. A few days later, the money was transferred and the cybercriminals found themselves hundreds of thousands of pounds richer.
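
The concealment described in this case leaves a trace in the mailbox's rule list. As an added example (not from the original post or the investigation), this sketch audits a constructed rule export for that pattern; the field names, the firm's domain and the folder list are assumptions, not any mail platform's real schema.

```python
import re

# Assumptions for illustration: the firm's own domain and folders users rarely open.
ORG_DOMAIN = "example-solicitors.co.uk"
QUIET_FOLDERS = {"rss feeds", "conversation history", "junk email", "deleted items"}

# Constructed sample export of one mailbox's rules (hypothetical field names).
SAMPLE_RULES = [
    {"name": "Newsletters",
     "actions": {"move_to_folder": "Reading"}},
    {"name": "..",
     "actions": {"move_to_folder": "RSS Feeds", "mark_as_read": True,
                 "forward_to": ["drop@example.invalid"]}},
    {"name": "Out of office copy",
     "actions": {"forward_to": ["partner@example-solicitors.co.uk"]}},
]


def audit_rule(rule):
    """Return the reasons a mailbox rule looks like it is hiding mail."""
    reasons = []
    actions = rule.get("actions", {})
    folder = (actions.get("move_to_folder") or "").strip().lower()
    if folder in QUIET_FOLDERS:
        reasons.append("moves mail to a rarely opened folder: " + folder)
    for addr in actions.get("forward_to", []):
        if not addr.lower().endswith("@" + ORG_DOMAIN):
            reasons.append("forwards outside the organisation: " + addr)
    if actions.get("mark_as_read"):
        reasons.append("marks matching mail as read")
    if actions.get("delete"):
        reasons.append("deletes matching mail")
    # Rules created to go unnoticed often have a blank or punctuation-only name.
    if not re.search(r"[A-Za-z0-9]{3,}", rule.get("name", "")):
        reasons.append("rule name is blank or near-empty")
    return reasons


def suspicious_rules(rules, threshold=2):
    """Map rule name -> reasons for rules with at least `threshold` indicators."""
    flagged = {}
    for rule in rules:
        reasons = audit_rule(rule)
        if len(reasons) >= threshold:
            flagged[rule.get("name", "")] = reasons
    return flagged


if __name__ == "__main__":
    for name, reasons in suspicious_rules(SAMPLE_RULES).items():
        print(repr(name), reasons)
```

Requiring two or more indicators keeps ordinary filing rules out of the results; any rule that is flagged should be confirmed with the mailbox owner.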

How to protect yourself when using email

So, what can you do to protect yourself? 

The good news is, by reading this blog you’ve taken the first step by improving your awareness. Understanding what types of threats exist and being alive to this ever-present danger will ensure that you start from the best possible place.

But it doesn’t stop there. Education is an ongoing process and if we truly want to protect ourselves, learning shouldn’t be something we do once a year. So keep working on your cybersecurity knowledge. This could be through security training or simply through reading blogs like this. 

As we saw in the case above, weak authentication was the gateway to this attack. Using strong passwords is crucial. This can be achieved by using the three random words principle, as recommended by the NCSC.

On top of this, use multi-factor authentication (MFA). This attack, and others like it, could have been foiled with this extra layer of protection. 

Finally, it is worth speaking with your IT teams to make sure that they have implemented technical controls. These include email filtering, to identify and block malicious content before it reaches you, as well as technologies like SPF (Sender Policy Framework) and DMARC (Domain-based Message Authentication, Reporting, and Conformance) to authenticate email sources.
