The recent cybersecurity breach at Marks & Spencer has brought renewed attention to a growing and dangerous trend in cybercrime: attackers impersonating legitimate staff members to trick IT providers and gain access to business systems.
At datamills, we’ve long had a strict policy in place to guard against this exact type of threat. If someone contacts us claiming to be a member of your team, we will only act on their request if they’re listed as an authorised contact on your company’s records and we are able to confirm this.
Sometimes this causes frustration — especially when you’ve recently hired someone and haven’t had a chance to update us. But we want to explain why this step is absolutely necessary and how it helps protect your business.
The Real Risk: Hackers Pretending to Be Your Staff
Cybercriminals are increasingly turning to social engineering — the practice of manipulating people into giving up confidential information or access — as one of their most effective tools. Instead of breaking down firewalls, they exploit trust.
One of the most common tactics involves impersonating staff members. A fraudster may ring or email an IT provider, pretending to be someone from your team, and ask for a password reset, system access, or email forwarding setup.
Although the recent M&S attack has been covered in the news, this is not a new approach:
- Marks and Spencer
The hacking group believed to be behind the M&S attack, Scattered Spider, is notorious for impersonating employees at companies like MGM Resorts and Caesars Entertainment. In all cases, they tricked help desk staff into resetting credentials, leading to ransomware deployment and millions in losses.
- FACC
Global aerospace firm FACC fell victim to an email-based social engineering attack that cost the company £46 million. Cybercriminals gained access to the CEO’s email account and used it to send convincing messages to staff, instructing them to transfer large sums of money as part of a supposed “acquisition project.” Believing the request was legitimate, a junior accounting employee authorised the transfer without proper verification.
- Twitter (2020)
Hackers used social engineering to target Twitter employees over the phone, convincing them to provide login details to internal tools. They then hijacked several high-profile accounts, including those of Elon Musk and Barack Obama, posting cryptocurrency scams. Dmitri Alperovitch, the co-founder of cybersecurity company CrowdStrike, described the incident at the time as “the worst hack of a major social media platform.”
Our Policy: Why We Don’t Make Exceptions
Here at datamills, if someone rings or emails claiming to be part of your team, we will never take action on their request unless they’re pre-approved on your contact list. That includes:
- Resetting passwords
- Granting system access
- Changing user permissions
- Enabling remote tools or email redirects
Even if it’s inconvenient in the moment, this policy exists for one reason: to protect your business from the very real and increasing threat of impersonation-based attacks.
Help Us Help You: Keep Your Contact List Up to Date
We understand that staff come and go, and not everyone remembers to notify their IT provider every time there’s a change. But having an up-to-date list of authorised contacts makes all the difference.
Here’s how you can help:
- Let us know as soon as someone new joins or leaves your business.
- Nominate a central person in your organisation to handle updates and approvals.
- Review your authorised contacts with us every 6–12 months as a precaution.
When someone contacts us who isn’t on the list, we’ll always take steps to verify their identity — but having them pre-listed means we can act quickly and securely.
In Light of Recent Events: A Wake-Up Call for Us All
The M&S breach is just the latest in a string of high-profile examples showing that even the most recognisable names are vulnerable to cyber threats — particularly those that target human error and trust.
At datamills, we believe security is a shared responsibility. While we take every precaution on our side, your vigilance in keeping us informed helps close the loop. Through our sister company Cyber Division we are able to provide cyber hacking simulations and risk reports; if you would like more information on this, get in touch.
If you’re unsure who we have listed for your business, or want to review your approved contacts, just get in touch.
info@datamills.co.uk
0114 287 0510
Let’s continue working together to keep your business secure.