// Illustrative risk scenarios
Typical prevention & risk scenarios
The following scenarios illustrate how typical business risks can be made visible early and prioritised — from the situation to the concrete benefit.
The following scenarios are illustrative examples for framing typical risk situations. They are not client references, contain no customer data and include no guarantee of success or takedown.
01
E-Commerce / fake shop & lookalike domains
- Situation
- An active online shop wants to understand how easily its brand can be abused for fraudulent clones.
- Business risk
- Loss of revenue and reputation through fake shops, payment redirection and declining customer trust.
- Visible signals
- Lookalike domains, missing DMARC enforcement, publicly exposed login and checkout paths.
- Measures
- Domain and brand observation, hardening email authentication (SPF/DKIM/DMARC), reviewing login/checkout configuration.
- Benefit
- Early visibility of brand abuse and a prioritised, actionable plan of measures.
- Limits
- Only lawful, public sources; no guarantee that third-party domains can be removed.
02
Law/tax firm / invoice-fraud readiness
- Situation
- A law or tax firm wants to check how susceptible client communication and payment approvals are to fraud.
- Business risk
- Invoice fraud, payment redirection and loss of client trust.
- Visible signals
- Spoofable senders, gaps in SPF/DKIM/DMARC, unclear approval processes for payment changes.
- Measures
- Harden email authentication, four-eyes approval for payment changes, staff awareness.
- Benefit
- Reduced attack surface for invoice fraud and a clear, documented process.
- Limits
- No legal advice; implementation within the firm remains with the organisation.
03
Practice / secure communication & exposure readiness
- Situation
- A practice wants to assess how secure its communication is and how visible its external attack surface is.
- Business risk
- Compromised accounts, unprotected communication and risks to sensitive data.
- Visible signals
- Accounts without MFA, exposed forms/portals, weak email and domain configuration.
- Measures
- Introduce an MFA process, secure communication channels, passively review data-protection readiness.
- Benefit
- A traceable overview of weak points and prioritised, practical steps.
- Limits
- No active intervention without approval; no GDPR guarantee.
04
Mid-market supplier / external footprint & mail security
- Situation
- A supplier needs to demonstrate its security maturity to larger clients.
- Business risk
- Loss of contracts and trust if supply-chain requirements cannot be evidenced.
- Visible signals
- Outdated DNS/mail records, a visible attack surface, an unclear evidence base.
- Measures
- Create an exposure overview, harden mail (SPF/DKIM/DMARC), prepare evidence documentation for clients.
- Benefit
- Demonstrable security maturity and a stronger position in supplier reviews, tenders and audits.
- Limits
- No active testing of third-party systems; no completeness guarantee.
05
Agency / software house / SaaS, client portals, DNS, brand trust
- Situation
- An agency or software house with access to client systems wants to assess its own attack surface.
- Business risk
- An incident at a service provider can affect several clients and overall brand trust.
- Visible signals
- Exposed subdomains, publicly discoverable repositories, SaaS accounts without MFA, unclear DNS hygiene.
- Measures
- Access and account readiness, DNS/domain hygiene, hardening SaaS (e.g. Microsoft 365 / Google Workspace).
- Benefit
- Lower risk of passing exposure on to clients and a credible trust signal.
- Limits
- No unauthorised testing of third-party or client systems; only after approval.
06
Property management / document exchange & payment-process risk
- Situation
- A property manager with many stakeholders and high payment volumes wants to assess process risks.
- Business risk
- Payment fraud, incorrect account details and loss of trust among owners and tenants.
- Visible signals
- Spoofable emails, unclear approvals, sensitive documents shared via insecure channels.
- Measures
- Email authentication, a verification process for account-detail changes, governed and protected document exchange.
- Benefit
- Lower fraud risk in the payment process and clearly governed procedures.
- Limits
- No guarantee of success; process implementation remains with the manager.
07
SMB / email, domain and incident-plan readiness
- Situation
- A company wants to know how vulnerable its website, email and domains appear externally and how prepared it is for disruptions.
- Business risk
- Compromised accounts, invoice fraud and longer outages without an incident plan.
- Visible signals
- Weak mail configuration (SPF/DKIM/DMARC), accounts without MFA, a missing or untested incident plan.
- Measures
- Harden mail auth and MFA, review backup/restore readiness, establish incident-plan foundations.
- Benefit
- A clear short report with prioritised actions and greater confidence in what to do.
- Limits
- No active intervention without approval; no completeness guarantee.
08
Account takeover / phishing initial assessment
- Situation
- After a phishing message, there is a suspicion of a taken-over email or account — a structured initial assessment is needed.
- Business risk
- Further account access, data leakage and knock-on damage to contacts or the company.
- Visible signals
- Unusual logins, changed forwarding rules, suspicious messages and provider indicators supplied by the affected party.
- Measures
- Prioritised hardening steps, preserving indicators (logins, messages, timestamps), a documented assessment.
- Benefit
- A clear basis for reporting, provider contact and next steps.
- Limits
- No recovery guarantee; implementation with providers remains with those affected.