It started as a routine email exchange.
A law firm was communicating with an overseas client regarding the transfer of legal fees. The conversation was clear, expected, and entirely professional. Nothing raised concern.
Until something changed, without anyone noticing.
A third party had gained access to the email chain. With subtle precision, the attacker impersonated the law firm by making a minor alteration to the email address, barely visible unless you look closely. New payment instructions were then sent, requesting a change in bank account details.
The client, acting in good faith and trusting the ongoing communication, proceeded with the transfer.
Only later did it become clear: the funds had been diverted to a fraudulent account.
This is not an isolated incident
It is part of a growing pattern where attackers do not rely solely on technical breaches, but on timing, observation, and trust. They wait. They study communication flows. And when the moment is right, especially when money is about to move, they step in.
What makes these cases particularly concerning is how ordinary they appear. There are no obvious warning signs. No dramatic red flags. Just a small change, at the wrong time, in the wrong place.
And that is often enough
The reality is simple:
This can happen to anyone.
Law firms. Businesses. Finance teams. Individuals.
Any environment where email is used to exchange financial instructions is a potential target.
A simple shift in mindset can make the difference:
- Never rely solely on email for payment instructions
- Always verify any change in bank details through an independent channel
- Pause before executing any transfer, especially when urgency is introduced
In today’s digital landscape, the risk is no longer in the complexity of the attack,
but in how convincingly normal it appears.
Because sometimes, the most dangerous email… looks exactly like the one you were expecting.