NewsSecurityDirector Fraud Follow Up

Director Fraud Follow-Up


We want to reiterate that all users must be cautious when clicking any link, be it a link to an unknown website or an attachment embedded within an email. If the sender is unknown or you feel that the email is not from the stated sender, verifying its legitimacy before interacting with it is better.


Spoofed emails or emails containing fake links & attachments are routinely used to gain access to business accounts and gather personal, business and banking information. Anti-virus and Anti-spam tools will help block a large majority of these, but they can sometimes slip through the cracks, leaving it up to you to spot anything suspicious before it’s too late.


Director Fraud & Online Security


Suppose you receive an email that you feel could be fraudulent or malicious. In that case, it’s always best to tread carefully and check with the sender before giving over any passwords or information that cyber criminals could use.

Director Fraud


Lately, we have seen a significant increase in spoof emails from cyber criminals claiming to be company directors, accountants and managers, targeting staff members to gain access to systems & information. Many emails get the victim to buy gift cards or a similar purchase.

The fraudster will register domains designed to be highly similar to a targeted company and data farm information from public records such as a Companies House or LinkedIn to find company directors’ names and information so they can set up fake email accounts in their names.

So using our domain as an example, “”, they may set up “” to trick users.


Most common types of scam emails:


  • Someone will pose as a boss or director of a company, instructing a staff member to send them money or provide information. This is often in the form of buying gift cards or vouchers.
  • We have seen them pose as an IT company/department of a bank, saying they will need to make a series of test transfers.
  • Will pose as a supplier claiming you have unpaid invoices with a link used to farm information from you, install malware or get you to send them money.

The display name will be correct in these instances, but the email address must be genuine. This may only show up in some email clients, such as mobile phones.

How to ensure you’re protected


Our top recommendations:


  • Ensure all members of staff are aware of this kind of fraud / spoofing.
  • Have a procedure in place that allows all members of staff to properly verify contact from Managers and Directors.
  • You should have a two-step authentication procedure in place before any monetary  transactions are made, this could be as little as a pin/phrase sent in the email, all the way up to verbal confirmation of a transaction either in person or over the phone.
  • Always review any form of financial transactions for errors and changes, such as a misspelt company name or email address, changes in bank details, etc.
  • Work out and consider what information about your company is publicly available and whether it needs to be public, places you should check include: Companies House, social media platforms and company websites.
  • Ensure that all computer systems are secure and that antivirus/antispam software is up to date and installed where appropriate.

Microsoft Defender For Office 365


User impersonation protection is a security feature provided by Microsoft Defender for Office 365 that helps protect users from phishing attacks. Phishing attacks are attempts by cybercriminals to trick users into sharing sensitive information, such as login credentials, by posing as a legitimate entity or person.

With user impersonation protection, Microsoft Defender for Office 365 uses machine learning models to analyse incoming emails and detect signs of phishing attempts. These models identify emails that attempt to impersonate a user or a trusted entity, such as a company or a brand, and mark them as suspicious or block them outright.

User impersonation protection works by comparing the sender’s display name, email address, and other attributes to known information about the user or entity they claim to be. If there is a mismatch, the email is flagged as suspicious.

Additionally, Microsoft Defender for Office 365 can also learn from user feedback. If a user marks an email as phishing or not phishing, the system can use that feedback to improve its detection accuracy.

In summary, user impersonation protection is a crucial security feature that helps protect users from phishing attacks by identifying and blocking suspicious emails that attempt to impersonate a user or a trusted entity.


If you have any questions, contact us, you can talk to us about possible ways to improve your security and help put measures in place to reduce the chance of successful fraudulent attacks. Similarly, you can leave us message via our social media as well.