Skip to content
Back

// Illustrative risk scenarios

Typical prevention & risk scenarios

The following scenarios illustrate how typical business risks can be made visible early and prioritised — from the situation to the concrete benefit.

The following scenarios are illustrative examples for framing typical risk situations. They are not client references, contain no customer data and include no guarantee of success or takedown.

01

E-Commerce / fake shop & lookalike domains

Situation
An active online shop wants to understand how easily its brand can be abused for fraudulent clones.
Business risk
Loss of revenue and reputation through fake shops, payment redirection and declining customer trust.
Visible signals
Lookalike domains, missing DMARC enforcement, publicly exposed login and checkout paths.
Measures
Domain and brand observation, hardening email authentication (SPF/DKIM/DMARC), reviewing login/checkout configuration.
Benefit
Early visibility of brand abuse and a prioritised, actionable plan of measures.
Limits
Only lawful, public sources; no guarantee that third-party domains can be removed.
02

Law/tax firm / invoice-fraud readiness

Situation
A law or tax firm wants to check how susceptible client communication and payment approvals are to fraud.
Business risk
Invoice fraud, payment redirection and loss of client trust.
Visible signals
Spoofable senders, gaps in SPF/DKIM/DMARC, unclear approval processes for payment changes.
Measures
Harden email authentication, four-eyes approval for payment changes, staff awareness.
Benefit
Reduced attack surface for invoice fraud and a clear, documented process.
Limits
No legal advice; implementation within the firm remains with the organisation.
03

Practice / secure communication & exposure readiness

Situation
A practice wants to assess how secure its communication is and how visible its external attack surface is.
Business risk
Compromised accounts, unprotected communication and risks to sensitive data.
Visible signals
Accounts without MFA, exposed forms/portals, weak email and domain configuration.
Measures
Introduce an MFA process, secure communication channels, passively review data-protection readiness.
Benefit
A traceable overview of weak points and prioritised, practical steps.
Limits
No active intervention without approval; no GDPR guarantee.
04

Mid-market supplier / external footprint & mail security

Situation
A supplier needs to demonstrate its security maturity to larger clients.
Business risk
Loss of contracts and trust if supply-chain requirements cannot be evidenced.
Visible signals
Outdated DNS/mail records, a visible attack surface, an unclear evidence base.
Measures
Create an exposure overview, harden mail (SPF/DKIM/DMARC), prepare evidence documentation for clients.
Benefit
Demonstrable security maturity and a stronger position in supplier reviews, tenders and audits.
Limits
No active testing of third-party systems; no completeness guarantee.
05

Agency / software house / SaaS, client portals, DNS, brand trust

Situation
An agency or software house with access to client systems wants to assess its own attack surface.
Business risk
An incident at a service provider can affect several clients and overall brand trust.
Visible signals
Exposed subdomains, publicly discoverable repositories, SaaS accounts without MFA, unclear DNS hygiene.
Measures
Access and account readiness, DNS/domain hygiene, hardening SaaS (e.g. Microsoft 365 / Google Workspace).
Benefit
Lower risk of passing exposure on to clients and a credible trust signal.
Limits
No unauthorised testing of third-party or client systems; only after approval.
06

Property management / document exchange & payment-process risk

Situation
A property manager with many stakeholders and high payment volumes wants to assess process risks.
Business risk
Payment fraud, incorrect account details and loss of trust among owners and tenants.
Visible signals
Spoofable emails, unclear approvals, sensitive documents shared via insecure channels.
Measures
Email authentication, a verification process for account-detail changes, governed and protected document exchange.
Benefit
Lower fraud risk in the payment process and clearly governed procedures.
Limits
No guarantee of success; process implementation remains with the manager.
07

SMB / email, domain and incident-plan readiness

Situation
A company wants to know how vulnerable its website, email and domains appear externally and how prepared it is for disruptions.
Business risk
Compromised accounts, invoice fraud and longer outages without an incident plan.
Visible signals
Weak mail configuration (SPF/DKIM/DMARC), accounts without MFA, a missing or untested incident plan.
Measures
Harden mail auth and MFA, review backup/restore readiness, establish incident-plan foundations.
Benefit
A clear short report with prioritised actions and greater confidence in what to do.
Limits
No active intervention without approval; no completeness guarantee.
08

Account takeover / phishing initial assessment

Situation
After a phishing message, there is a suspicion of a taken-over email or account — a structured initial assessment is needed.
Business risk
Further account access, data leakage and knock-on damage to contacts or the company.
Visible signals
Unusual logins, changed forwarding rules, suspicious messages and provider indicators supplied by the affected party.
Measures
Prioritised hardening steps, preserving indicators (logins, messages, timestamps), a documented assessment.
Benefit
A clear basis for reporting, provider contact and next steps.
Limits
No recovery guarantee; implementation with providers remains with those affected.