On Tuesday (23 May), Bank of England Governor Mark Carney became the second high-profile victim of an email hoax that had caught out the chief executive of Barclays earlier this month.
The faux pas saw Carney engage in an email exchange with someone pretending to be Anthony Habgood, the chairman of the court of the BoE. The hoax was carried out by the same prankster who surged to prominence earlier this month, when he tricked Barclays CEO Jes Staley into a conversation, while pretending to be John McFarlane, the bank's chairman.
While amusing and largely light-hearted, both incidents will raise serious concerns over cyber security systems at the highest level of the financial world. More importantly, who is the anonymous prankster and will other public figures be targeted?
Who hides behind the hoax
Information on the perpetrator are very thin on the ground. The unidentified prankster uses the Twitter handle @sinon_reborn and joined the social media platform earlier this month and he also a Facebook profile as, according to one of his tweets, Twitter can be a "tad restrictive".
The name Sinon refers to the Greek mythology. The son of Aesimus, Sinon was a Greek warrior during the Trojan War and, in Virgil's Aeneid, he is credited with convincing the Trojans, who held him captive, that the giant wooden horse the Greeks had left behind was intended as a gift to the gods.
That suggests the prankster might have chosen his Twitter name to indicate someone operating from the inside.
How does the prankster operate?
Operating from the inside has indeed been at the centre of both attacks, as the prankster convinced Carney and Staley of being someone working for their respective organisations.
In both instances the impostor set up bogus email accounts - firstname.lastname@example.org in the exchange with Carney and email@example.com in the conversation with the Barclays boss, which tricked its victims into believing they were sharing messages with their real colleagues.
Why were Carney and Staley targeted?
The prankster said the hoax on the BoE was borne"more from idle curiosity", than any specific grievance with the Old Lady of Threadneedle Street, according to City A.M.. Barclays, however, had attracted his ire after failing to return a complaint.
Will more people be targeted?
In a tweet posted overnight, the prankster said he did not have more pranks planned, before admitting there were a few people he "was interested in". As a result, expect big financial institutions to step up their cyber security measures.