Barclays clients targeted with Office 365 phishing campaign

Modified on Wed, 5 Jan, 2022 at 9:45 AM

Earlier this month Barclays received intelligence advising that a number of Barclays Corporate and non-personal clients’ email addresses and passwords had been compromised due to an Office 365 phishing campaign.

What is phishing?

Phishing involves a fraudster, posing as a legitimate source, sending emails that aim to trick people into divulging sensitive information or into transferring money to other accounts.
 

Details of the attack:

  • This campaign has been targeted at employees who work in Finance / Accounts i.e. those who have access to payment gateways and/or are empowered to initiate payments.
  • One or more employees within the company click on an ‘Office 365’ phishing email and are prompted to type in their email credentials, i.e. email address and email password.
  • These credentials enable fraudsters to log in and send out emails internally and externally purporting to be from the employee; the recipient will then act on payment instructions or change of bank account details believing the email is genuine. 

Advice to clients:

  • Employees working in Finance / Accounts departments should be encouraged to change their passwords on a regular basis, and be reminded of the risks of clicking on phishing emails (which can look different and vary from campaign to campaign).
  • Carry out due diligence on all payment instructions where there are changes to beneficiary account details (organisations may wish to stipulate thresholds based on their own risk appetite).
  • Ensure all personnel working in accounts or finance teams have a documented process in place (for carrying out due diligence) and that regular reminders are sent.
  • We strongly recommend that clients deploy Multi-Factor authentication (MFA) which will help better secure email accounts and Office 365 access. Full details of how to do this are available on Microsoft’s website.
  • Corporate clients can visit our dedicated Phishing page at Barclayscorporate.com for more information. Private bank clients can find advice on phishing within the following pages at Privatebank.barclays.com:
