High-profile and hunted online: How an MD vowed to never become a target of cyber criminals again

Last summer, David McCutcheon, Managing Director at Bullet Express in Glasgow – one of Scotland's leading haulage companies, was the victim of a phishing email attack known as ‘whaling’. This is when cyber criminals use sophisticated techniques to target high-profile employees within a business.

The Finance Director at Bullet Express received an email from David requesting a payment to be made. The payment was released. However, when the Finance Director received further emails in quick succession chasing the payment she became suspicious and called David. It was immediately apparent that the email had not originated from David but was a scam. The team called its bank, which froze the account and the funds were recouped.

If it was not for the staff member’s prompt detection, David fears the cost to his business would have been much more substantial than a loss of a day’s work. 

David was lucky on this occasion as the impact to his business was minimal, but the experience has made him keen to share his story. He wants to make sure other business owners appreciate how easily cyber attacks can happen when someone is not trained to look out for the signs.

David says, “Businesses should not shy away from the topic of cyber security, thinking it will never happen to them. I’ve been in business for more than 25 years and in that time I never had to deal with anything like this. 

“Phishing emails like this are on the increase and they are just as much of a threat to a business as anything else. What happened to us was a wake-up call. It was so easy to miss.

“While it can be intimidating and confusing at times, it is essential that businesses like ours educate themselves to learn more about the risks from cyber attacks, because they’re not going away and we have a responsibility to our customers. Investing in robust digital infrastructure and security is essential because a business is only as strong as its weakest link.”

Since the attack, Bullet Express has invested in training and implemented new operational processes to ensure similar issues do not occur again. Monetary transfers are now only managed through purchase orders or other approved mechanisms.

In addition, the company upgraded its firewall and anti-virus software to better deal with the possibility of a future cyber threat. The business has not had a cyber incident since and their new enhanced operational procedures allow Bullet Express to identify and address potential issues before they can cause harm.