A marine company based in Sheppey reached out to our team at IT Manager. They specialise in the re-fitting, re-kitting, painting, and treatment of boats and docks, and the building of safety structures along the River Thames.
The team at IT Manager received a panicked phone call from the company’s Managing Director, informing us that their emails had been compromised. The company’s client had received an email from the company with altered bank details, causing the client to pay an invoice for £25K to the scammer’s account.
The emails had been diverted and the passwords had been changed, making it difficult for the Managing Director to access the emails. The attack was a targeted phishing scam, initiated by a “bad actor” in Gravesend.
The phishing email was sent to an employee and contained a fake Microsoft login page, asking for their username and password. These credentials were then used to gain access to the company’s email accounts, where all the emails were marked as read and deleted. This is a common phishing technique for obtaining someone’s details and should be dealt with immediately to avoid any further compromise.
To protect against future phishing attacks, the company set up a multi-factor authentication process on the advice of our expert team. The company also adjusted its email filtering and quarantine process and changed all the passwords for further protection.
To prevent this from happening again, anti-virus software was also set up with a “zero trust” approach. This means that any mail received is blocked unless it has been approved. User training on how to identify and avoid phishing scams was also implemented to educate the staff about other potential scams.
Since then, IT Manager has replaced the company’s computers and reviewed their accounts with Office 365, making sure they were only paying for what they needed.
Another authentication practice was to set up email signatures to make it easier to identify if someone is pretending to be someone else. The company also configured its systems for onsite equipment backups and email backups.
Two years later, the company recovered the money that had been paid to the wrong account. The company learned that being proactive rather than reactive would save them both stress and money.
IT Manager provided support and training, helping employees work more efficiently and productively. The company has taken steps to ensure the security of its emails and sensitive information, making sure they are protected against future phishing scams.