Information is a Commodity to be Bought, Sold or Traded

Over the last year you will have read that fraudulent activity has been on the rise; most specifically bank account hacks. Fraudulent transfer amounts have ranged from £1,000 to staggering £3 million in some cases.

In many cases PA or wealth managers are deceived, acting on instructions from their bosses. In many cases banks were in part liable because they made transfers based on emails received with no verbal verification. In each case the fraudster made off with at least one full transfer before the banks had seized the funds back and returned them to their customers.

The victims were targeted by an email account compromise and had been defrauded by a computer. To avoid this happening to you, it is important to understand how this happened, through a combination of fraud and cyber security crime.


After each fraud was investigated, it was discovered that the victims email accounts had been accessed. The fraudsters set up email filters which made sure that any response to the fraudulent emails would not go to the victim.  These responses would be deleted immediately. The fraudsters then access the finance manager’s email account using the compromised accounts password. The same filters are then applied to the finance manager’s account. Sending an email to the finance manager, instructing them to make the transfer completes the last part of the fraud. When the finance manager emails back for further details or verification the victim will never see the email due to the filters in place.  The fraudster then responds to the emails from the finance manager.


Fraudsters get hold of the victims email account and password fairly easily.  It is common practice for user names to be our email address, which can be found by a simple Google search. The fraudsters only really needed to focus on passwords which are usually based on personal information an in some cases can be guessed from social media sites.  We are all guilty of using the same password for all of our online sites. It is also possible to trick a user into revealing their password by downloading a new app or by encouraging them to check out a new video by clicking on a link within an email. There are also various methods of cracking passwords. In recent cases, most of the email accounts were accessed by victims clicking on a ‘phishing email’.  This is a message that tricks the user into downloading or giving their email information out.  It also appears that in some cases the username-email address and password information were obtained when the victims were using free Wi-Fi networks. These networks were deliberately set up to look like a hotel or airport Wi-Fi.


These fraudulent cyber attacks do not employ sophisticated high tech methods. If you continually use the same password for all your accounts you are vulnerable to this type of fraud. Fraudsters can not only send you emails but can access your social media accounts, send spam, tweet and post as you, read all your files but more importantly can attack others from your computer. Information is just a commodity to be bought, sold or traded.

Maintain good private security practise with your passwords and regularly update these. If an email offer comes through that seems to good to be true – be suspicious and be wary of malware, phishing and spam email. Avoid or limit wireless connections at airports and hotels. Use a VPN service to secure your Internet connection and conceal your IP address. This and other measures outlined in our hacking infographic will help protect your online data, enhance and future-proof your cyber security.

Sign up to our security newsletter

* indicates required