Hacker stole £700,000 from U.K. energy company by redirecting payment

A sophisticated cybercriminal successfully defrauded a major UK energy company of £700,000 in London through a business email compromise (BEC) attack in early 2024, by intercepting and redirecting a legitimate payment intended for a contractor to a fraudulent bank account under their control. The attack exploited vulnerabilities in the company's financial verification processes, highlighting the growing threat of targeted cybercrime against critical national infrastructure. The incident occurred when the hacker gained access to email communications between the energy firm and its legitimate contractor. By impersonating the contractor through a spoofed email address, the criminal provided altered banking details, instructing the company to send the substantial payment to a new account. The energy company's accounts payable department, believing the request to be authentic, processed the transfer, only discovering the fraud days later when the real contractor inquired about the missing funds. This type of attack, known as invoice fraud or CEO fraud, relies on social engineering rather than complex technical breaches, manipulating human trust within standard business procedures. This case is part of a worrying trend where cybercriminals are increasingly targeting the energy sector, which manages essential services and large financial transactions. The National Cyber Security Centre (NCSC) has repeatedly warned UK businesses about the rise in BEC attacks, which often result in significant financial losses that are difficult to recover. The energy company has since launched an internal investigation, notified relevant authorities including Action Fraud and the National Crime Agency, and is reviewing its payment authorization protocols. Experts emphasize that while technological defenses are crucial, employee training to recognize phishing attempts and implementing multi-factor verification for financial instructions are equally vital to prevent such costly breaches.