A client had been notified that a multi-million pound sum had not reached its intended recipient as part of a large transaction. The client had discovered unusual e-mails and was unsure what to do next.
The client had been alerted to the missing funds in question during the ‘golden twenty-four hours’, a metric we use to prioritise the recovery of stolen funds. During this 24-hour period, we have the best chance of recovering funds.
The MDR Cyber team conducted an investigation of the e-mails received by the client, identifying a sophisticated Business E-mail Compromise. The attackers had used multiple malicious internet domains which resembled valid domains, as well as employing technical means to redirect legitimate e-mails. Our team identified the attackers’ infrastructure and developed a strategy to take down the multiple services that were being used. The team took down multiple domains, hosting accounts, e-mail addresses and other bank accounts involved in the fraud.
Alongside this activity, the MDR Cyber team worked with the Mishcon de Reya Fraud team to recover the lost funds, working with the relevant banks identified during the investigation.
Within 24 hours our team had gained a court order to stop the funds in question being moved. MDR Cyber and our Fraud team were able to freeze over 98% of the funds lost.