Incident Response

Investigation into a Business Email Compromise Attack

The Background

The client, whom we refer to as GL, is a leader in the hospitality industry with a portfolio of over 30 brands across 100 countries. GL works with a number of vendors to run its day-to-day operations worldwide and processes a high volume of monthly transactions. GL's Managing Director lost his mobile phone during an overseas business trip. Afterwards, a total of four fraudulent emails purporting to come from a vendor were sent to GL over a period of eleven months. Each message carried some form of payment request backed by a fraudulent PDF.

The Process

Pragma investigated each email incident separately to determine the attacker's course of action. This revealed the attacker's progress as well as the client's continued exposure to attack. Subsequent attacks were launched from other email addresses, indicating that the attackers may have gained a foothold in the vendor's systems.

Pragma helped GL strengthen their security further by identifying high-risk O365 users. These users were signed out of their accounts and required to create new passwords. Multi-Factor Authentication (MFA) was implemented for all users.

After completing the analysis and these remediation steps, Pragma assured the client that their email was secure: no ongoing unauthorised access could be detected.

The Result

Pragma's investigation and actions were concluded within one day. Pragma CIRT secured the accounts and eliminated further fraud, and the client was able to contact their bank and have the transactions reversed. We recommended the following:

  • Updated Firewall Rules
  • Endpoint Security
  • Passwords and Access
  • Mailbox Rule Review
  • Password Strengthening
  • Active Directory Lockout
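As an added illustration of the mailbox rule review and account containment steps described above (an example written for this page, not Pragma's own tooling), the following PowerShell enumerates every Exchange Online mailbox for forwarding, redirect or delete rules typical of BEC persistence and then revokes sign-in sessions for the flagged users. It assumes the ExchangeOnlineManagement and Microsoft.Graph modules are installed with suitable admin rights; the folder-name pattern used to spot hide-the-evidence rules is an assumption.

```powershell
# Added example: BEC triage of Exchange Online inbox rules, then session revocation.
# Assumes ExchangeOnlineManagement + Microsoft.Graph modules and admin permissions.
Connect-ExchangeOnline -ShowBanner:$false
Connect-MgGraph -Scopes "User.ReadWrite.All"

$findings  = @()
$mailboxes = Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails UserMailbox

foreach ($mbx in $mailboxes) {
    # Mailbox-level forwarding is set outside inbox rules and is easy to miss.
    if ($mbx.ForwardingSmtpAddress -or $mbx.ForwardingAddress) {
        $findings += [pscustomobject]@{
            User   = $mbx.UserPrincipalName
            Rule   = '(mailbox forwarding)'
            Reason = "forwards to $($mbx.ForwardingSmtpAddress)$($mbx.ForwardingAddress)"
        }
    }
    # -IncludeHidden also returns rules created outside Outlook's rule UI.
    foreach ($rule in Get-InboxRule -Mailbox $mbx.UserPrincipalName -IncludeHidden) {
        $reasons = @()
        if ($rule.ForwardTo -or $rule.ForwardAsAttachmentTo -or $rule.RedirectTo) {
            $reasons += 'forwards or redirects mail'
        }
        if ($rule.DeleteMessage) { $reasons += 'deletes messages' }
        # Assumed pattern: folders attackers commonly use to hide vendor replies.
        if ($rule.MoveToFolder -match 'RSS|Archive|Conversation History|Deleted') {
            $reasons += "moves mail to $($rule.MoveToFolder)"
        }
        if ($reasons) {
            $findings += [pscustomobject]@{
                User   = $mbx.UserPrincipalName
                Rule   = $rule.Name
                Reason = ($reasons -join '; ')
            }
        }
    }
}

$findings | Format-Table -AutoSize

# Containment: invalidate refresh tokens so every session, including an
# attacker's, must re-authenticate under the MFA policy now in force.
# Password resets for these users follow through the admin portal.
foreach ($upn in ($findings.User | Sort-Object -Unique)) {
    Revoke-MgUserSignInSession -UserId $upn | Out-Null
    Write-Host "Revoked sessions for $upn"
}
```

Review each flagged rule with the mailbox owner before deleting it, since legitimate forwarding to a shared mailbox will also appear in the findings.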

Tags:

Business Email Compromise
Fraudulent Emails
Vendor Fraud
Mobile Phone Loss
O365 Security
Multi-Factor Authentication
Firewall Rules
Endpoint Security
Password Security
Mailbox Rule Review
Active Directory Lockout
