Lessons from a breached email and inheritance theft


We all spend almost every day plugged into our emails. For most of us, this is our primary source of communication with the rest of the world – whether for work or our personal lives.

However, despite its utility, email communications can have a darker side. This blog will help answer what threats exist, why email security matters, and, most importantly, what can be done to defend against these threats. Plus, we will look at a real-life case in which email was used to steal hundreds of thousands of pounds.

What vulnerabilities could exist in my email security?

So, what vulnerabilities could exist when using your email? The first and greatest threat is phishing. I won’t discuss this further, as there is already lots of good information available about phishing, including this blog post.

Phishing also has a close cousin. We’ve all received an email at some point from what appears, on first look, to be a legitimate sender. For instance, you might receive an email from an address at ‘arnazon.com’ asking you to update your card details. It looks legitimate if you just glance at it (which is what cybercriminals are banking on) but leads to a fake corporate website which cybercriminals will use to steal your financial information. This is known as ‘spoofing’. 

Another vulnerability which extends beyond email is weak authentication. In layman’s terms, this means having a poor password: one that is either short or easily guessable, such as a piece of personal information, for example your pet’s name or your birth date.

This information can be used to launch further threats, such as man-in-the-middle attacks. This involves intercepting and potentially altering email communication between two parties to deceive or scam one or both parties.

Of course, these are only a few of the many vulnerabilities that exist, but they give us an idea of what is out there.


What are the possible impacts of these vulnerabilities?

It’s easy to assume that email security is not your greatest concern. Why would anyone want to attack you? Well, there are many reasons. Whether you are using your personal email or work email, these are some of the possible impacts you could experience:

Identity Theft

Identity theft can lead to financial losses for you or your business, reputational damage and even legal issues.

Malware Infections

A successful malware attack could lead to the loss of important proprietary or customer data. This could prevent your business from being able to operate.

Data Breach

Sensitive information could be stolen and used against you. This could be intellectual property, the loss of which could disadvantage your business. A breach could also see your business fall foul of regulations, face legal consequences and receive fines.

The breached email and inheritance theft

Whilst working as a cybercrime detective in the police, I dealt with many cases that involved email as the attack method.

One such case involved a solicitor. As you can imagine, security is a top priority considering the sensitive data solicitors process. And, this solicitor had done almost everything right. They had a business-owned domain and an IT team to look after it and ensure security. 

The firm’s security measures included IP whitelisting (which will be key in a minute). ‘Whitelisting’ is a security strategy that prevents users from logging into internal company platforms from anywhere other than ‘trusted locations’. For example, a ‘trusted location’ could be your head office or coworking space. In this case, there was only one trusted location, the solicitors’ office. 

What went wrong? 

Due to the pressures of the job, one solicitor in the firm decided to work outside of the office in the evenings and on weekends. To do this, they created a new email using the solicitors’ business name.

Here’s where things go wrong.

Unfortunately, this account was discovered by a cybercriminal and a weak password allowed them access to the inbox. The cybercriminal noticed one conversation that piqued their interest. The solicitor was dealing with an inheritance case and was working with the deceased’s family to distribute assets and money from the deceased’s will. 

The cybercriminals hijacked this conversation, adding a forwarding rule so that any responses would be forwarded into a concealed folder. This prevented the solicitor from seeing them and allowed the messages to be altered and dropped back into the solicitor’s inbox.

The cybercriminals intercepted an email from one of the family members containing a document which detailed the bank account the inheritance money was supposed to be transferred to. Seeing this, the bad guys pounced, changing the bank details to their own.

The solicitor logged this information and continued with the formalities. A few days later, the money was transferred and the cybercriminals found themselves hundreds of thousands of pounds richer.
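The rule that hid the family’s replies is something a periodic mailbox audit can surface. The following is an added example, not code from the original post or from any mail product: the rule records, their field names, the domain and the folder list are all hypothetical stand-ins for whatever your mail platform exports.

```python
# Assumption: the organisation's own mail domain.
OWN_DOMAIN = "firm.example"
# Assumption: folders a user seldom opens; mail filed here is effectively hidden.
RARELY_VIEWED = {"rss feeds", "conversation history", "junk email", "deleted items"}

# Constructed sample of exported inbox rules (field names are hypothetical).
RULES = [
    {"name": "Newsletters", "conditions": {"from": ["news@example.org"]},
     "actions": {"move_to": "Reading"}},
    {"name": ".", "conditions": {"from": ["client@family.example"]},
     "actions": {"move_to": "RSS Feeds", "mark_read": True}},
    {"name": "copy", "conditions": {},
     "actions": {"forward_to": ["drop@mailbox.example"]}},
]


def audit_rule(rule):
    """Return the reasons a rule deserves review (empty list if none)."""
    reasons = []
    actions = rule.get("actions", {})
    external = [addr for addr in actions.get("forward_to", [])
                if not addr.lower().endswith("@" + OWN_DOMAIN)]
    if external:
        reasons.append("forwards outside the organisation: " + ", ".join(external))
    folder = actions.get("move_to", "")
    if folder.lower() in RARELY_VIEWED:
        reasons.append(f"files mail into rarely viewed folder '{folder}'")
    if actions.get("delete"):
        reasons.append("deletes matching mail")
    # Marking as read only matters when the rule already hides or diverts mail.
    if reasons and actions.get("mark_read"):
        reasons.append("marks mail as read, so no unread count appears")
    return reasons


def audit_mailbox(rules):
    """Map rule name -> reasons, for rules with at least one finding."""
    return {r["name"]: found for r in rules if (found := audit_rule(r))}


if __name__ == "__main__":
    for name, reasons in audit_mailbox(RULES).items():
        print(repr(name), reasons)
```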

How to protect yourself when using email

So, what can you do to protect yourself? 

The good news is, by reading this blog you’ve taken the first step by improving your awareness. Understanding what types of threats exist and being alive to this ever-present danger will ensure that you start from the best possible place.

But it doesn’t stop there. Education is an ongoing process and if we truly want to protect ourselves, learning shouldn’t be something we do once a year. So keep working on your cybersecurity knowledge. This could be through security training or simply through reading blogs like this. 

As we saw in the case above, weak authentication was the gateway to this attack. Using strong passwords is crucial. This can be achieved by using the three random words principle, as recommended by the NCSC.

On top of this, use multi-factor authentication (MFA). This attack, and others like it, could have been foiled with this extra layer of protection. 

Finally, it is worth speaking with your IT teams to make sure that they have implemented technical controls. These include email filtering, to identify and block malicious content before it reaches you, as well as technologies like SPF (Sender Policy Framework) and DMARC (Domain-based Message Authentication, Reporting, and Conformance) to authenticate email sources.


Why are data backups so important?

If you’re at all tuned into the cybersecurity sphere, you may have noticed that 31st March was World Backup Day (we forgive you if you missed that, it’s not a red-letter day in most people’s calendars). In the midst of all the messages telling you that it’s important to back up data, you may have found yourself wondering, why? And more importantly, how?

It got us thinking too. So, here’s the lowdown on backups – how they work, why you need them, and what you need to do to set them up.

Why do you need backups?

The rationale behind backups is pretty simple: sometimes, bad things happen and, when they do, you want to be sure your most valuable assets are safe. In this case, we’re talking about data, whether that’s personal data, customer data, or important files.

Simple, right? However, a staggering 21% of people have never backed up their devices. This is even more surprising when you consider all the ways in which data can be lost. There’s human error, which a Stanford University study estimates accounts for 88% of all data loss. You could lose data through the simple theft of a device. And, then, there’s cybercrime.

Data is the most valuable currency to cybercriminals. It’s why ransomware attacks are so prevalent and it’s also what most cyberattacks target (even a phishing attack is ultimately after data).

Using data backups not only protects you against accidental loss, but it’s also a key weapon against many cyber attacks. Take ransomware as an example; a cybercriminal may have held your data to ransom but, with a backup of that data, your business will still be able to operate while you decide what to do next. 

Think of it in the same way you would business insurance. You pay out each month, praying you’ll never have to use it, but if the worst does happen you’re covered. 

How do data backups work? 

Data backup software is a very simple concept. You install the software on your devices and systems, and it then copies and saves your data to an external source. This could be an external drive, data centre, or cloud.

Most modern data backup tools will save to a cloud. The data is copied, encrypted, and sent to a cloud server until you need to restore it. Storing your data in this way ensures that it’s safe in the event of accidental loss or a cyberattack. 

What data should you back up?

In most modern organisations, you can find data in just about every function of the business, whether that’s marketing, finance or sales. Files, folders, images, payroll data, supplier data, customer data, third-party app data – it all needs to be backed up. 

It might sound counter-intuitive that you need to back up third-party data. However, many Software as a Service (SaaS) businesses will only back up their own platform.

How do you set up data backups?

Setting up data backups for your business isn’t a complicated process. There are countless options, from tools like Dropbox Business to Microsoft OneDrive. The option you choose will largely depend on your business, but there are a few things to bear in mind.

1. Make it cloud-based 

You don’t have to use a cloud-based service as your primary backup; an external drive or your own data centre will work just fine. But a cloud-based option will easily scale with your business and probably save you money in the long run. Added to this, there’s the safety element. Using a cloud is by far the safest way to store your data.

2. Keep it simple

As an SME, it’s unlikely that your business is packed with IT experts. So, whichever option you choose, ensure it’s easy to set up and use. A good test of suitability is to ask yourself whether the least technically minded person in your business would be able to use it without difficulty.

3. Set up a redundancy option 

Although you’re never likely to need it (cloud providers lose data very, very rarely), it’s worth setting up a backup of your backup. We advise having three copies of your data: the original, one in the cloud, and one on a company-owned drive or data server. That way you’re covered, whatever happens. 

4. Pick one that’s automated 

If you’re anything like the majority of small businesses, you probably don’t have a dedicated IT team. And, even if you do, they’re unlikely to have time between fixing printers and helping people locked out of their devices to manage backup processes.

To get around this, you’ll want a solution that backs up your data automatically, so no one in your business has to worry about it. 

5. Find out what your provider’s DRP is

Every data storage provider should have a disaster recovery plan (DRP). You need to know what your provider has in place should their servers experience an outage or be destroyed and how you can access your data. So when choosing, be sure to ask.
