Gaurav, a finance manager in a multinational company, rose to attention one Monday morning as he received an email from *Shephali, the company’s chief financial officer (CFO). The email directed him to urgently make a payment of $10,476 toward an attached invoice to a Cyprus-based vendor. Gaurav instantly initiated the process, bypassing some of the usual vendor checks as it was urgent and approved by his CFO. Later that week, only when he met Shephali for a monthly meeting, did he realise that the email was not sent by her and that they had been defrauded.
Thereafter, a pursuant investigation revealed that the email came through from a domain which looked very similar to the one belonging to the company.