New Delhi, June 2 -- In March, SriLankan Airlines discovered that UAE Dirham (AED) 974,000, roughly 87 million rupees, had been wired to a fraudulent bank account. The method was not a sophisticated hack. A Dubai based supplier's electronic mail account had been compromised, and the attackers simply altered the bank account details in what appeared to be a routine payment instruction. The Airline processed the payment in good faith. The money vanished.

This was not an isolated case. In Sri Lanka, over the same period, the Treasury lost US$ 2.5 million through an almost identical technique - a business email compromise (BEC) attack that diverted five instalments of a bilateral debt repayment to Australia into a fraudulent account in Delaw...