Zephyr Energy Hit by £700,000 Business Email Compromise in Cyber Heist

Cyber Heist: Zephyr Energy Loses £700,000 in Payment Diversion Scam

In a recent cyberattack, British oil and gas company Zephyr Energy reported a loss of £700,000 (approximately $1 million) from one of its U.S.-based subsidiaries. The funds, intended for a contractor, were redirected into an account controlled by cybercriminals. This incident underscores the growing threat of business email compromise (BEC) attacks targeting the energy sector.

Zephyr Energy disclosed the breach in a regulatory filing with the London Stock Exchange, stating that it is collaborating with banks and consultants to recover the misappropriated funds. While the company did not provide specific details on how the breach occurred, it is widely recognized that BEC attacks often involve unauthorized access to email accounts or financial systems, which attackers use to manipulate payment details and divert funds to their own accounts.

The Federal Bureau of Investigation (FBI) has identified BEC attacks as a significant source of financial loss. In its latest annual report on internet cybercrime, the FBI reported that such attacks resulted in over $3 billion in losses during 2025. These attacks typically involve cybercriminals infiltrating email systems to alter payment instructions, leading to substantial financial damages for businesses.

Zephyr Energy has assured stakeholders that the incident is contained and that its operations continue without disruption. The company emphasized its adherence to industry-standard practices for technology and payment platforms. In response to the breach, Zephyr has implemented additional security measures to prevent future incidents.

This event highlights the critical need for robust cybersecurity protocols within the energy sector. Companies are urged to enhance their security frameworks, conduct regular audits, and educate employees on recognizing and mitigating potential cyber threats.