Regional Cyber Briefing

Current Threats

Payment Diversion Fraud (PDF) / Business Email Compromise (BEC) 
PDF, also known as Business Email Compromise (BEC) or Mandate Fraud, involves criminals impersonating others, creating or amending invoices and diverting payments to bank accounts under their own control. This can target both businesses and individuals.

PDF is a significant threat to the UK economy with reported losses of around £152m in the year to September 2021, and over 4,600 individual cases. Businesses are particularly impacted by annual spikes in PDF that normally occur in March and November, and are associated with financial year-ends. PDF has been increasing and this trend is predicted to grow because of increased business activity associated with relaxing of Covid-19 restrictions, alongside the increased sophistication of fraudsters involved in PDF.

PDF affects all types of businesses and individuals. However, due to the targeted nature of this fraud type, small and medium-sized businesses, which often have less comprehensive IT security, are particularly vulnerable. In addition, individuals who are purchasing houses and are involved in large financial transactions are also at risk. These two victim groups should be particularly vigilant to protect themselves against PDF.
> Advice
Defending against PDF requires that organisations have in place adequate technical controls to prevent malicious software infections, secure business processes around verifying financial transactions, and frequent training and communications around identifying/reporting PDF incidents.

There are a number of resources which can help both organisations and individuals protect themselves against this type of crime. These resources are listed on Action Fraud's dedicated PDF page on their website.

If you are concerned about your organisation's ability to deal with an attack involving PDF/BEC, or you think you would benefit from a dedicated input, please get in touch and we can run workshops which focus on these types of attacks, such as those sessions found on our website.
> Reporting
If you think you have been a victim of cyber crime, please report the incident to Action Fraud via phone (0300 123 2040) or website at

If you've received a suspicious email, please forward it to the NCSC's Suspicious Email Reporting Service (SERS) at ''. More information, including advice on how to protect yourself against phishing, can be found on the NCSC website.


NPCC Business Cybercrime Conference, Thu 4th Nov, 08:30 - 14:00
Commissioner Ian Dyson QPM (National Police Chiefs’ Council (NPCC) Lead for Cybercrime) and Martin Smith MBE (Founder & Chairman of SASIG) invite all businesses, small and large, to attend the NPCC National Business Cybercrime Conference 2021 taking place on Thursday 4 November 2021 at the iconic Kia Oval in London.

The conference is free to attend and is aimed at helping businesses minimise their risk and exposure to potential cybercrime. It is a great chance to hear from law enforcement and industry experts about the emerging risks to your business and how you can protect yourselves against attack. More information can be found on the SASIG website.


Tesco website and app back up after hack attempt
The retail giant's services had crashed after what Tesco said were attempts "to interfere with our systems". The possible hack at Britain's biggest supermarket began with shoppers unable to order goods and track deliveries. Read more via BBC.

Cloud service resellers targeted by Russian actor Nobelium, says Microsoft
A recent Microsoft blog shares details of increasing activity, such as phishing and password spray attacks, against organisations that manage cloud services and other technologies on behalf of their customers. The article suggests that the attackers, suspected to be Russian nation-state actor 'Nobelium', are attempting to carry out these supply chain attacks in order to compromise downstream customers of managed service providers. Read more via Microsoft.

Ofcom asks phone networks to block foreign scam calls
Major phone networks have agreed to automatically block almost all internet calls coming from abroad if they pretend to be from UK numbers, Ofcom has confirmed. Criminals have been using internet-based calling technology to make it look like a phone call or text is coming from a real telephone number. Read more via BBC.

Copyright © 2021 SW Regional Cyber Crime Unit, All rights reserved.
