Shutting Down Business Email Compromise for a Mining Company in less than 5 minutes

 

Challenge:
  • The mining company was targeted by a high-risk Business Email Compromise (BEC) phishing scam.
  • The email was sent from a trusted third party contact whose account had been hacked.
Solution:
  • Rapid detection and response, with the attack shut down in four minutes.

Phishing scams are becoming more convincing, and the last place you expect them to come from is a trusted contact. Yet that’s the current reality with Business Email Compromise (BEC). Cyber criminals gain access to an email account to target partners, vendors, suppliers, or coworkers. This threat leverages trusted relationships to give attackers the upper hand, and it’s now one of the top threats affecting Australian businesses.

Ever Nimble’s CEO Chris Morrissey says, “This is exactly how most cyber attacks are getting through now.”

This is the threat our client in the mining industry faced when a geologist received a phishing email that looked legitimate – because it was sent by a trusted third party they were already emailing. The email asked the geologist to click a link, which led to a login page where they could enter their details. Nothing seemed out of the ordinary.

The risk?

With these details, cyber criminals could access sensitive company data which is commercially critical for mining operations. They could also move across internal systems, send phishing emails to other staff to spread the attack, and trigger compliance and reporting obligations. The business impact would be devastating, with consequences spanning interrupted production, impacted safety, the potential for commercially sensitive insights to be exposed, and massive financial impact across downtime, recovery, and regulatory penalties.

In this scenario rapid response was critical. Luckily, the organisation had Ever Nimble in their corner. Our cyber security experts didn’t just detect the threat; they shut it down in record time to prevent these consequences.

How Our Experts Handled the Threat

  1. Ever Nimble’s team detected the breach via Microsoft log data.
  2. They identified the compromised account within seconds.

  1. They locked the attacker out almost immediately.
  2. They prevented any data access, email activity, or system damage.

What’s more, Ever Nimble leveraged AI-driven email monitoring tools to identify the phishing email across eight additional users. The email was removed from every inbox, ensuring no further clicks could occur and put the organisation at risk.

The Numbers
  • The hacker had access for four minutes.
  • The attack was detected within five seconds of logs being received.
  • The hacker was locked out two seconds after the attack was detected.
  • Total remediation time was four minutes, seven seconds.

While the industry benchmark says to detect and contain threats within 30 minutes, because attackers are now achieving breakout in an average of 29 minutes. Ever Nimble’s team were able to shut the threat down in four. This translated to zero data being accessed, emails sent or deleted, operational disruption, and financial or reputational damage.

The Lesson 

So, what can other businesses learn from this? 

  1. Emails aren’t a secure communication platform, and even known contacts can be compromised.
  2. Attacks are becoming more sophisticated and human error is inevitable, making systems, response speed, and the right cyber security partner critical.
  3. There was nothing technical that could have prevented this specific hack. Your cyber security shouldn’t only focus on prevention; it’s also about how fast you can respond when a threat slips through these systems.

If you’re not confident in your current cyber security setup, key steps to take include starting ongoing cyber awareness training for your team to reduce the risk of human error, implementing layered protection (which should include AI monitoring and human response), and working with an IT partner who can detect threats and act instantly. At Ever Nimble, we help with all the above, so you get peace of mind and stay protected.

You can learn more about our cyber security and cyber awareness training services, or get in touch today to start building your cyber resilience.

FAQ’s

What is a phishing email?
Cyber criminals impersonate trusted people or organisations, and email targets with the aim of gaining financial information or funds, data, or login credentials. Phishing emails often include links that lead to false login pages, or attachments that download malware. They target human error and leverage trust, a sense of urgency, or emotion to trick recipients into taking action.

What is Business Email Compromise?
BEC is a form of phishing that targets employees within a business. Cyber criminals hack into or impersonate a trusted email account (like a coworker, vendor, supplier, or client), and trick targets into sending money, sharing sensitive data, or granting approvals without following typical processes. This threat exploits familiarity, trust, and often authority – making it more effective than a generic phishing scam.

Is Business Email Compromise a concern for businesses today?
Absolutely. It’s currently one of the top three cyber crimes affecting Australian businesses. BEC targets human error (which is involved in 90% of cyber attacks), and email content is becoming more sophisticated with the help of AI. This = less spelling or grammatical errors, so threats are harder to spot.

Why do businesses need Cyber Awareness Training?
Training your team to spot current threats is critical to reduce human error. This includes educating your team around BEC, so they’re aware of what to look out for and best practices. This can also help businesses reduce the risk of invoice fraud (a common aim of BEC scams).

How can Ever Nimble help build cyber resilience?
As a Managed Security Service Provider (MSSP), we deliver a comprehensive, proactive approach to secure your business. This includes the tools and processes to prevent, detect, and rapidly respond to threats (including BEC) so you can safeguard your people, operations, and data. You can learn more about our bespoke cyber security packages here.

Share This