Skip to content
City PM
  • Germany
  • France
  • Europe
  • Markets
  • Business
  • Opinion
  • Germany
  • France
  • Europe
  • Markets
  • Business
  • Opinion
Thursday 04 October 2018 3:21 pm  |  Updated:  Tuesday 21 May 2019 4:24 pm

UK business emails could represent a major cyber security flaw

NULL

Business emails could represent a major security flaw for UK companies, after it was revealed millions of account details are openly available for purchase through criminal networks and on the dark web.

The financial details of almost 5,000 UK companies were found to be exposed in third party breaches and sit within criminal forums, including email addresses and matching passwords, research from cybersecurity firm Digital Shadows will today reveal.

Poor security practices such as not updating back ups have left over 12m email archives, including entire company inboxes, available to buy on networks. Analysts also discovered that sensitive information was freely available via a stockpile of 27,000 invoices, 7,000 purchase orders and 21,000 payment records.

Email addresses for finance departments were particularly targeted, with more than 33,000 emails listed on networks. Such credentials are considered as highly valuable, with one email address and password set fetching $5,000 (£3,843).

Read more: Fewer than one in five households protect cyber security of smart devices

Recent research from the FBI suggested scams resulting from business email compromise, such as fake invoices, have cost businesses $12bn globally over the last five years.

Digital Shadows executive Rick Holland warned it is relatively easy for cybercriminals to find whole inboxes and accounting credentials, and in some cases, bidders actively request them. 

"Phishing continues to be a very serious problem associated with business email compromise but unfortunately, we discovered that is far from the only risk, especially as barriers to entry for this type of fraud are coming down," Holland explained. 

"Millions of companies are already exposed through misconfiguration issues or finance department emails and passwords circulating online."

"Organisations can never mitigate these issues entirely; however, it is within their power to at least tighten up on their own processes to ensure that their data exposure is kept to a minimum."

 

Share this article

  • Facebook
  • X
  • LinkedIn
  • WhatsApp
  • Email

Similarly tagged content:

Sections

  • News

Categories

  • Tech

Related Topics

  • Cybercrime

Trending Articles

  • Top Burnham adviser calls for capital gains and inheritance tax hikes

  • Housebuilding giants hit with £4.5bn lawsuit for allegedly overcharging buyers

  • Brewdog chief executive quits after only one year

  • A meeting with the breakfast king of Mayfair

  • As it happened: Stocks jump on defence and metals boost; Oil on track to shed a fifth on US-Iran peace hopes

More from City PM

  • UK banks’ digital ID bid is a game of optics – and the odds are not in their favour

    Banking
    Banking app interface showing financial transactions and account balance on a smartphone screen, emphasizing digital finan...
  • BT tops FTSE 100 after finding new home for international business with Verizon joint venture

    Business
    A sign at the headquarters building of BT Group Plc in Aldgate, (Photographer: Hollie Adams/Bloomberg via Getty Images)
  • Wise profit slides as costs racks up from US listing

    Fintech
    Wise outlined plans to shift its primary listing to the US in June.
  • As it happened: Stocks tumble after Apple rattles global markets; UK food exports hit by US tariffs

    Markets
    Apple unveils new products at recent event showcasing innovative technology and sleek design to global audience
  • Barclays and Lloyds join banking sector plan for digital ID

    Banking
    Banking app interface showing financial transactions and account balance on a smartphone screen, emphasizing digital finan...
  • ‘Streets ahead’ – London aims to wear the legal AI crown

    Legal
    GettyImages 2244121938 displaying a professional business meeting with diverse executives discussing strategic plans in a ...
  • Luminance’s boss: Why building our own AI beats ‘rented intelligence’

    Legal
    Unfortunately, I dont have the specifics of the article content or title to generate the alt text. Could you provide more ...
  • Pigment boss: ‘We’re replacing legacy players at the speed of light’

    Tech
    Eleonore Crespo, CEO of Pigment, confidently leading a business meeting in a modern office setting

City PM — European politics, business and analysis.

Europe

  • Germany
  • France
  • Europe
  • UK & Ireland

Topics

  • Business
  • Markets
  • AI
  • Technology
  • Opinion
  • Energy

More

  • Politics
  • Economics
  • Fintech
  • Legal
  • Sport
  • Life

Company

  • About City PM
  • Editorial Policy
  • Corrections
  • Contact
  • Terms of Use
  • Privacy Policy
  • Cookie Policy
© 2026 City PM · Published by CityPM Media, Bahnhofstrasse 65, 8001 Zürich, Switzerland
About · Editorial Policy · Corrections · Contact · Privacy