Threat Intelligence

BEC and Invoice Fraud in Professional Services: How Attackers Target UK Consultancies

Business Email Compromise (BEC) costs UK businesses an estimated £137 million annually, according to Action Fraud data — and professional services firms are among the highest-value targets. Attackers infiltrate or spoof the email accounts of partners, finance directors, and senior advisers, then redirect invoice payments, payroll, or client funds. The professional services model — high-value transactions, trusted relationships, multiple external counterparties — creates exactly the conditions BEC attackers exploit. The Solicitors Regulation Authority reported that UK law firms alone lost over £2.5M to BEC attacks in a single year.


How BEC Attacks Target Professional Services Firms

BEC attacks against professional services firms typically follow one of the following patterns:

  • CEO/partner fraud — an attacker spoofs or compromises the email of a senior partner, instructing finance to make an urgent payment to a new account
  • Invoice hijacking — attackers intercept legitimate invoices and modify bank account details, redirecting client payments
  • Client impersonation — attackers pose as clients instructing the firm to redirect funds, change payment details, or share confidential documents
  • Conveyancing fraud — particularly prevalent in legal and property advisory work, where large transaction sums are redirected at the point of completion

Why Professional Services Firms Are High-Value Targets

Several characteristics of the professional services model make BEC particularly dangerous:

  • High transaction values — invoices of £10,000–£500,000 are common, making fraudulent redirections extremely valuable
  • Trusted relationships — clients and counterparties expect instructions from named partners and do not question urgent payment requests
  • Open email culture — professional services firms routinely email sensitive documents, instructions, and financial information without additional verification
  • Multiple counterparties — consultancies, law firms, and accountants interact with dozens of external parties per engagement, multiplying the attack surface
  • Time pressure — professional services work often involves genuine urgency, which attackers exploit to bypass verification procedures

Technical Controls That Stop BEC

The technical controls that most effectively prevent BEC in professional services environments are:

  • DMARC, DKIM, and SPF — email authentication protocols that prevent domain spoofing; without all three configured correctly, attackers can send emails that appear to come from your domain
  • Anti-impersonation controls — email security tools that flag messages from look-alike domains (kyan1teblue.com rather than kyaniteblue.com)
  • MFA on all email accounts — preventing account compromise even if credentials are stolen via phishing
  • Email link rewriting and sandbox detonation — inspecting URLs in emails before staff click them
  • Bank detail change verification — a documented procedure requiring phone verification to a known number before any change of payment details is actioned
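As an added example, not code from the original article or from Kyanite Blue, the script below implements two of the checks in the list above as functions a firm's mail-filtering or SOC tooling could call: a look-alike domain verdict for the From: domain against the firm's own counterparty list (a hypothetical input), and a grading of a `_dmarc` TXT record so that a monitor-only `p=none` policy is not mistaken for enforcement. All domains and record strings are constructed for illustration; DNS resolution is left to your resolver.

```python
import re
from difflib import SequenceMatcher
from typing import Optional

# Substitutions seen in look-alike domains (kyan1teblue.com), folded to one
# representative so that a spoofed and a genuine domain normalise the same way.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("i", "l"),
               ("3", "e"), ("5", "s"), ("7", "t"), ("-", "")]

def normalise(domain):
    """Lower-case a domain and fold confusable characters to a canonical form."""
    d = domain.lower()
    for fake, real in CONFUSABLES:
        d = d.replace(fake, real)
    return d

def lookalike_verdict(sender_domain, trusted, threshold=0.85):
    """Classify the domain in a From: header as 'trusted', 'lookalike' or 'unknown'.
    `trusted` is the firm's own list of counterparty domains (hypothetical input)."""
    sender = sender_domain.lower()
    if sender in [t.lower() for t in trusted]:
        return "trusted"
    for t in trusted:
        if normalise(sender) == normalise(t):
            return "lookalike"  # differs only by confusable substitution
        if SequenceMatcher(None, sender, t.lower()).ratio() >= threshold:
            return "lookalike"  # near-miss spelling, e.g. a dropped or added letter
    return "unknown"

def dmarc_strength(txt_record: Optional[str]):
    """Grade a _dmarc TXT record (fetched by your resolver; passed here as a string):
    'enforcing' (p=reject, pct=100), 'partial' (quarantine, or reject with pct<100),
    'monitor-only' (p=none: reports only, spoofed mail is still delivered) or 'missing'."""
    if not txt_record or not txt_record.strip().startswith("v=DMARC1"):
        return "missing"
    tags = {k: v.strip() for k, v in re.findall(r"(\w+)=([^;]+)", txt_record)}
    policy = tags.get("p", "none").lower()
    pct = int(tags.get("pct", "100"))
    if policy == "reject" and pct == 100:
        return "enforcing"
    if policy in ("reject", "quarantine"):
        return "partial"
    return "monitor-only"

if __name__ == "__main__":
    trusted = ["kyaniteblue.com", "acme-legal.co.uk"]  # constructed counterparty list
    for d in ["kyaniteblue.com", "kyan1teblue.com", "acrne-legal.co.uk", "sra.org.uk"]:
        print(d, "->", lookalike_verdict(d, trusted))
    print(dmarc_strength("v=DMARC1; p=none; rua=mailto:dmarc@kyaniteblue.com"))
```

A "lookalike" verdict is a reason to hold the message for review, and a "monitor-only" or "missing" grade on your own domain means spoofed mail bearing your name will still be delivered to clients.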

Frequently Asked Questions

What should professional services firms do if they receive a suspicious payment instruction?

Never action a payment instruction received only by email, particularly if it involves a change of bank details or is marked urgent. Call the requestor using a known phone number — not a number provided in the suspicious email. If the payment has already been made, contact your bank immediately using their fraud line; banks can sometimes recall payments within 24 hours. Report to Action Fraud (0300 123 2040) and notify affected clients promptly.

Does cyber insurance cover BEC losses?

Coverage varies significantly between policies. Many cyber insurance policies cover BEC losses under a "social engineering" or "funds transfer fraud" sub-limit — which is often substantially lower than the overall policy limit. Some policies exclude BEC entirely or require specific security controls (MFA, email authentication) as a condition of cover. Review your policy wording carefully and speak to your broker about whether your current cover is adequate for your firm's transaction volumes.
