Man-in-the-email Attacks

A story of Beth

Before I narrate the story of Beth, we must first understand how man-in-the-email attacks occur.

A man-in-the-email attack, commonly known as Business Email Compromise (BEC) or man-in-the-middle attack, is an exploit where attackers attempt to gain access to a company’s corporate email account by spoofing the identity of an organization, its employees, customers or even partners in order to defraud them of money.

People so often fall for this attack because the email address used by the attacker closely resembles the legitimate email address. This is known as spoofing. The story of Beth is a true story of an employee who fell for a BEC exploit.


Beth works in the marketing department of company X. She had just resumed her duties after taking a few days off from the office. Her day began by catching up on company emails on a cold Tuesday morning. Just before she began her leave, Beth sent out an email marketing campaign to her company’s client database.

While skimming through her mailbox, she came across a few emails with attachments that appeared to be responses to the campaign. The sender’s email address seemed legitimate enough, so Beth went ahead to investigate the contents of one of the emails. The email addressed the sales department, instructing the recipient to view the attached remittance form.

Without giving it a second thought, Beth opened the attached Word document, only to find that it did not have any useful information in it. It was clearly not a remittance form. Immediately, it dawned on Beth that this was, in fact, a phishing email.


In a panic, Beth immediately initiated a computer scan and consulted her colleague in the IT department on what to do next. Her colleague advised her to immediately disconnect her PC from the network and continue with the scan offline. Thankfully, the antivirus scan caught the trojan that was embedded in the attached document and eliminated it before any harm was done. A close call.

This business email compromise exploit did not come without warning. The first red flag that Beth should have noticed is that the email should have been addressed to the finance department and not sales, since it allegedly contained a remittance form. Another red flag is that, in her time working in the sales and marketing department, it was unusual for a client to respond to an email marketing campaign in this manner.

On taking a second look, Beth would have observed that the sender’s email address was slightly different from the client’s actual email address. Had she gone further and viewed the email source, the true source of the email would have been revealed.

The Take-Away

  1. Always give it a second thought. An extra second of consideration could decide the fate of your organization.
  2. Always verify the source of any email before opening any attachment. (How to view the source of an email)
  3. If you suspect that you have opened a malicious email attachment, immediately disconnect your device from the company’s network and initiate a full computer scan while offline.
  4. Notify relevant personnel of the incident.
  5. Ensure the email is quarantined in a spam database.
  6. To be on the safe side, conduct a thorough audit of the entire network to ensure no other endpoints were compromised.
  7. Subscribe to an Email Security Service such as Pepea Email Security with effective spam filters, inbound and outbound filtering to prevent the occurrence of man-in-the-email attacks.
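
The check Beth skipped (comparing the sender's address with the client's real one and reading the email source, as in take-away 2) can be scripted. The following is an added example, not part of the original post; the domain names, the sample message source and the 0.85 similarity threshold are assumptions made for illustration.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains the company really corresponds with (hypothetical names).
KNOWN_DOMAINS = {"client-example.com", "partner-example.org"}

# Constructed message source for illustration; not taken from a real email.
SAMPLE_SOURCE = """\
Return-Path: <bounce@mailer.invalid>
Authentication-Results: mx.companyx.example; spf=fail smtp.mailfrom=mailer.invalid; dkim=none; dmarc=fail
From: "Client Example Accounts" <accounts@client-examp1e.com>
Reply-To: remit@freemail.invalid
Subject: Remittance form
"""

def domain_of(header_value):
    """Return the lower-cased domain of an address header, or '' if absent."""
    return parseaddr(header_value)[1].rpartition("@")[2].lower()

def lookalike_of(domain, threshold=0.85):
    """Return the known domain that `domain` closely imitates, else None."""
    for known in sorted(KNOWN_DOMAINS):
        if domain != known and SequenceMatcher(None, domain, known).ratio() >= threshold:
            return known
    return None

def review_source(raw):
    """List red flags found in the headers of a raw message source."""
    msg = message_from_string(raw)
    sender = domain_of(msg.get("From", ""))
    findings = []
    imitated = lookalike_of(sender)
    if imitated:
        findings.append(f"lookalike-domain: {sender} imitates {imitated}")
    elif sender not in KNOWN_DOMAINS:
        findings.append(f"unknown-sender-domain: {sender}")
    # A differing Reply-To or Return-Path is a signal to check, not proof of fraud.
    for header in ("Reply-To", "Return-Path"):
        other = domain_of(msg.get(header, ""))
        if other and other != sender:
            findings.append(f"{header.lower()}-mismatch: {other}")
    auth = msg.get("Authentication-Results", "").lower()
    for mech in ("spf", "dkim", "dmarc"):
        result = re.search(rf"\b{mech}=(\w+)", auth)
        if result is None or result.group(1) != "pass":
            findings.append(f"{mech}-not-pass: {result.group(1) if result else 'missing'}")
    return findings
```

Calling `review_source(SAMPLE_SOURCE)` returns one finding per red flag; an empty list means none of these header checks fired, not that the attachment is safe.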
