Recently a client was the subject of a security breach where an email instructing a payment be made to a supplier, sent from a staff member on a home laptop to an office computer, was intercepted, cloned and re-sent as a follow-up email saying that the first email had incorrect bank account details but here are the new ones etc. etc. Unfortunately payment was made and a substantial amount of money sent to fraudsters inadvertently.
Once the crime came to light, we acted quickly, as follows:
1. All computers had their hard drives removed and scanned via an uninfected computer. One computer was found to be infected with a serious virus. This computer was scrapped and a new system installed in its place. Several computers had low-threat viruses; these were cleaned and the hard drives re-installed.
2. A more secure router was installed to replace the ISP's generic one.
3. The passwords on all mailboxes were changed to random ones, generated using a secure password generator - they are all essentially random strings of punctuation symbols, dual-case letters and numbers.
After all this, cloned emails are still occasionally arriving to try and trap the unwary, and we're at a loss as to how the perpetrators are intercepting the emails - does anyone have any suggestions?