Intelligence Summary: SME-042
Vector: BEC (Business Email Compromise) | Victim: UK Mortgage Provider
This case study, adapted from partnership intelligence with Pax8, illustrates the "Long Game" played by modern threat actors targeting small-to-medium enterprises.
The attack did not begin with the victim. Hackers successfully phished a law firm that the mortgage company worked with frequently. Instead of locking the system, they sat silent for three months, monitoring communications, learning the tone of voice, and identifying upcoming transactions.
To execute the theft, the attackers registered a domain with one minor change: they swapped an uppercase “I” for a lowercase “l”. In a standard email client, the difference is virtually indistinguishable to a busy employee.
The mortgage company employee received an email—appearing to be from their usual legal contact—requesting a bank account change for an upcoming $250,000 closing. The funds were wired and immediately dispersed through thousands of accounts globally. The business owner had to take out a HELOC on his own home to cover the loss and save the firm's reputation.