Scottish firms lost £7 million in last 7 months to social engineering attacks

Scottish firms lost £7 million in last 7 months to social engineering attacks

Spam-based phishing campaigns declined in 2018 but attacks on SaaS users rose

Cyber criminals conned Scottish firms and individuals of more than £7 million in just seven months by targeting them with phishing emails and other social engineering tactics.

Since July of last year, Scottish firms and residents have suffered a total of 19 cyber incidents, including cases of telephone scams, email scams and phishing messages.

Back in 2016, a Scottish blue-chip company was conned out of £18 million after an employee was tricked into transferring the cash into a foreign bank account after criminals posed as the Scottish firm's boss. Cyber criminals beinh the 'vishing' scam used company jargon on emails to unsuspecting employees to convince them that the emails were genuine.

"Generally, a finance person will get the call from someone saying they are the chief exec. 'You have never met me before,' the person will say, 'but you know my name, don't you?'

"The caller will then say that he has a 'hush-hush' project to discuss, an acquisition or business deal. 'You can't tell anybody about it,' the caller will say, 'but I need you to move money straight away'," said Detective chief inspector Kenny Thomson of Police Scotland's economic crime and financial investigation unit.

Last year, Robert O’Brien, CEO of MetaCompliance, warned that Scottish firms could suffer debilitating cyber-attacks in the future if they didn't pull up their socks and improve their cyber-security protocols.

"The very future of Scottish companies dealing with European data depends on them understanding and complying with GDPR law - which the UK Government has pledged to adopt regardless of Brexit. GDPR will require organisations doing business in the EU and the UK to disclose major data breaches - including those stemming from cyber-attacks - to data protection authorities and affected customers," he said.

Despite such warnings, Scottish firms continue to fall victim to sophisticated phishing campaigns and other social engineering tactics. According to a new report published by, Scottish businesses and individuals lost more than £7 million since July last year to targeted phishing and social engineering attacks.

"Each incident has seen criminals using genuine-looking phone-numbers or email addresses and claiming to work for a bank or company that needs to verify the victim’s bank account details or personal information. Once the details are obtained they empty accounts of money, with £7 million stolen over the 19 cases since summer 2017," the report said.

It added that Scottish firms that suffered financial losses because of such attacks included football clubs Hamilton Academical and Hearts, as well as Highland Hospice in Inverness and Accies.

“Banks will not contact businesses or individuals asking for personal information or ask you to carry out a transaction. If someone starts asking for these details, end the call and contact your bank.

“If you decide to ring back and verify the call it is advisable to do so on a different phone line, like another landline or your mobile. If you are still unsure, consider visiting your local branch instead of speaking to someone over the phone,” said Jim Robertson, Detective Chief Inspector of Police Scotland's economic crime and financial investigation unit.

"People make sure that their house and cars are locked and secure, and the same policy should be adopted online. Simple things like making sure you use strong passwords for -personal and business accounts and being wary when accessing public Wi-Fi can help keep people safe,” he added.

Copyright Lyonsdown Limited 2021

Top Articles

WhatsApp's New Privacy Policy Deadline Has Arrived

At the start of 2021, WhatsApp announced its privacy policy updates, sparking outrage and backlash from its consumers as WhatsApp will share personal information with its parent company, Facebook.

Overcoming the security challenge in remote working environments

The pandemic has changed the way we work. Remote working is no longer a nice-to-have for organisations, but a necessity especially if they want to attract the best talent.

President Biden pens Executive Order to boost US cybersecurity

US President Joe Biden signed an Executive Order this week to boost the cyber security of federal government systems and data.

Related Articles