CASE # 1
Case file
Cyber security

A Dubai Trading Company Wired AED 380,000 to the Wrong Account . Here Is How It Happened.

WHAT IS IT ABOUT

Business Email Compromise (BEC) is a cyberattack in which an attacker gains access to a corporate email account, monitors communications silently for weeks, then impersonates a known supplier to redirect a payment. In the UAE trading sector, BEC typically targets accounts payable teams processing high volumes of supplier invoices. Theattacker changes a single letter in the supplier domain — invisible in a busy inbox. Recovery is only possible within the first 24 hours. After that, fund shave typically moved through multiple jurisdictions and are unrecoverable.

THE INCIDENT

A Dubai trading company wired AED 380,000 to a supplier. The supplier never asked for it.

The email looked perfect. Same name, same signature, same email thread. One letter changed in the domain — thekind of change that does not register when you are processing invoices undertime pressure.

The fraudster had been readng their inbox for six weeks. Not guessing. Not phishing randomly. Reading. They had learned the supplier names, the invoice cadence, the tone of the financeteam, and which payment day created a window.

On invoice day, when a bank detail change request feels routine — because everything about it looks routine— the payment went through.

This is Business Email Compromise. And in the UAE trading sector, it is not primarily a cybersecurityproblem. It is a cash flow problem.

The finance team was not careless. They were processing 40 invoices that week. The fraudulent one looked exactly like the other 39.

Recovery is possible, but only in the first 24 hours. After that, the money has moved through three jurisdictions. The trading company recovered a partial amount through their bank's fraud team. Most of the AED 380,000 was not recovered.

WHAT THIS REVEALS

●       Attackers do not need to break into your systems. Theyneed a single leaked password — often from a breach years ago, freely availableon the dark web — to access an email account and begin surveillance.

●       The six-week observation period before the attack isthe part most organisations do not understand. By the time the wire transfer istriggered, the attacker knows your suppliers, your tone, your payment schedule,and exactly which invoices are expected.

●       BEC is designed to exploit busy, high-volumeenvironments. The 40-invoice-a-week finance team is not careless. They are theexact operational context this attack is engineered for.

●       UAE Central Bank cybersecurity guidance and the UAEPDPL both create obligations around controls and breach reporting that a BECattack triggers. This is a compliance incident as well as a financial one.

IF THIS HAS ALREADY HAPPENED

If the transfer has already gone through:

Call your bank's fraud team now — by phone, not email. Ask for a hold on the transfer. You have hours, not days.

Do not touch the email account. Screenshot everything first. Once you change the password, forensic evidence starts disappearing.

File a police report with Dubai Police Cyber Crime Unit immediately. Banks move faster with a report number.

There are four more steps — and the order matters. Getting them wrong in the first 48 hours closes options permanently.

We can walk you through it.

One click away . No prior relationship needed.

Contact us nowView on Linkedin
NORDSTAR NOTE

In the BEC cases we have reviewed, one pattern repeats: organisations discover the breach through the bank, not through their own detection. By that point, the attacker has already closed access and moved the funds. The real security gap is not in the payment — it is in the absence of any detection capability between the time the inbox was compromised and the time the payment was made. In some cases that gap is eight weeks. In others, it is longer.

The 5-Step Bank Detail Change Protocol

The checklist our team uses with UAE accounts payable teams. Takes under ten minutes to implement. Stops most BEC attempts before they reach the payment stage. Enter your details and we will send it directly to your inbox
Thank you! Your submission has been received.
Oops! Something went wrong while submitting the form.