Sicra Header Logo
  • Careers
  • About us
  • People
EnglishNorsk
Talk to us
  1. Knowledge
  2. Insights
  3. Blog
Blog
13.05.2026
min read

When the board was almost scammed

How attackers used public information to come dangerously close.
<span id="hs_cos_wrapper_name" class="hs_cos_wrapper hs_cos_wrapper_meta_field hs_cos_wrapper_type_text" style="" data-hs-cos-general-type="meta_field" data-hs-cos-type="text" >When the board was almost scammed</span>
Sicra_Portrait_Crop_1200x1500px_4808
Oddbjørn SkaugeChief Information Security Officer
Forward thinking CISO focused on practical and effective approaches to information security. 

It started as a completely ordinary afternoon. The time was approaching 5 PM. Meetings were done. Thoughts were already drifting toward other things.

Then the phone rang. A board member answered.

“Hello, this is Pedersen from the auditing firm.”

The voice was calm. Professional. Slightly rushed. He explained that since the company had recently registered a relocation of its headquarters, a few formal registrations still needed to be completed. He was working late. He really just wanted to finish up and get home.

There was a slight sense of urgency. But not enough to seem suspicious.

Everything matched. Almost.

Pedersen knew who sat on the board, who the chairperson was, and who the company auditor was. He knew about the relocation. He referred to other board members by name. They had not had time to sign yet, he said. Could you help?

This is the core of modern fraud. It is not obviously wrong. It is almost correct. Almost professional. Almost completely believable. And that is exactly what makes it dangerous.

What had actually happened

The company had done something entirely normal: registered a relocation of its headquarters with the Norwegian Register of Business Enterprises. Public information, available to anyone.

And someone was paying attention.

Fraudsters do not monitor your business, they monitor your events.

As soon as the registration was submitted, the work began: mapping the board, gathering phone numbers, identifying the auditor, and preparing a believable story. This was not random. It was targeted.

Timing is an attack tool

The calls came around 5 PM. When people are tired, mentally moving on with their day, and less alert than they believe they are.

The best attacks do not happen because people lack competence. They happen because people are under time pressure.

The pressure

Pedersen was polite. But also slightly insistent. After all, he was working overtime. He just wanted to finish. Couldn’t they simply sign quickly?

Then came the request. A digital signature. A BankID request.

What almost happened

Several board members received the same call. Everyone reacted slightly, something felt off. But not enough for anyone to raise the alarm. Most said they did not have time. Some redirected him elsewhere. Then the signing request arrived anyway. It came very close.

What stopped it?

Not technology. Not security systems.

Coincidence, and communication. The request came from the wrong bank. Nobody approved it. And most importantly: the board members started talking to each other. Shared reflection stopped what individual skepticism alone could not.

Individual skepticism is good. Shared situational awareness is better.

What the board did afterwards

Afterwards, one thing became clear: this could have ended very badly. The board therefore introduced a few simple but effective measures:

  • Two way verification with code words: In unusual requests, one person provides an agreed code word, the other must answer correctly. Simple and difficult to bypass.
  • No decisions under time pressure: If something feels unusually urgent, it probably is not.
  • Always verify through a known channel: No action based solely on incoming phone calls, emails, or messages. Everything is verified through contact information you already have.
  • Never approve BankID requests without context: If you are not expecting it, do not approve it.
  • Low threshold for communicating internally: What actually stopped the attack was that the board members called each other.

The board’s role in 2026

This is not an IT problem. It is a board level responsibility. The attacks do not primarily target your infrastructure, they target your decisions. With regulations such as the Digital Security Act and NIS2, boards are expected to understand this risk, take active measures, and help build a culture where security is everyone’s responsibility, not just IT’s.

A true story

This was not an advanced technical operation. It was good research, perfect timing, psychological pressure, and a believable story. That was almost enough. And perhaps that is the most disturbing part of all.

You do not need to be careless to be deceived. You only need to be a little busy.

Would you like to know how prepared your organization is against attacks like this? Reach out for a no obligation conversation.

Sources

  • Norwegian National Security Authority – Fundamental Principles for ICT Security (Norwegian only)

  • Digital Security Act (Norwegian only)

  • NIS2 directive (EU) 2022/2555

Would you like to know how prepared your organization is against attacks like this?

We are happy to have a non-binding conversation. 
Contact us

Explore more

AI is cheap now. Here’s how to avoid getting locked in later.
Blog

AI is cheap now. Here’s how to avoid getting locked in later.

AI is cheap today. Build solutions that can handle higher costs tomorrow.
Agentic Security Operations Centers (SOC) are here. But how do you control the agents making the decisions?
Blog

Agentic Security Operations Centers (SOC) are here. But how do you control the agents making the decisions?

Cybersecurity
CISO
SOC
Agentic SOCs are here. But who monitors the agents doing the monitoring?
11 security measures your business should have in place before the holidays
Blog

11 security measures your business should have in place before the holidays

Tech blog
Cybersecurity
11 measures that better prepare your business for the summer holiday.
AI in cybersecurity: Why the technology works for both attackers and defenders
Blog

AI in cybersecurity: Why the technology works for both attackers and defenders

Cybersecurity
CISO
AI works for both sides. The question is whether defenders can keep pace.

Stay updated
Receive the latest news

Links
SustainabilityFAQPartnersCertifications and awardsCareerPress & brand
Contact
Tel: +47 648 08 488
E-mail: firmapost@sicra.no

Posthuset, Biskop Gunnerus’ gate 14A, 0185 Oslo, Norway

Follow us on Instagram

Follow us on LinkedIn
Certifications
iso27001-white
ISO 27001 compliance
miljofyrtarnlogo-hvit-rgb
Eco-Lighthouse
iso9001-white-removebg-preview
ISO 9001 compliance
Sicra Footer Logo
Sicra © 2025
Privacy Policy