
The email was legitimately from a trusted third party. That’s why it worked.
It came from a supplier The Club Company already knew and trusted. There was no suspicious attachment, no strange domain, and no obvious warning sign. The message came from a real supplier account that had been compromised.
Microsoft 365 did not block it.
Ten employees entered their credentials.
But the attackers never got access.
That is because The Club Company had an additional behavioural AI layer in place through Peritus. It detected what the email itself did not reveal: unusual account activity, suspicious login behaviour, and session patterns that did not match the users’ normal baseline.
The platform responded automatically. Sessions were revoked. Compromised accounts were disabled. The attack was contained before it became a security incident.
As Sam Drake, IT Services Manager at The Club Company, explained:
“The email got through because it came from a trusted supplier’s account that had been compromised. People interacted with it, but Abnormal identified what was happening and prevented it from turning into a security incident.”
Microsoft 365 is a strong foundation for business email. It blocks huge volumes of spam, malware, and known threats every day.
But modern attacks increasingly do not look like traditional threats.
They come from trusted accounts. They use real relationships. They contain no malicious attachment. They rely on people responding to emails that appear completely normal.
That is what makes vendor email compromise so difficult to detect. Once an attacker controls a supplier’s mailbox, they can use previous conversations, familiar language, and legitimate domains to bypass traditional checks.
A standard email filter asks: does this message match a known threat?
Behavioural AI asks a different question: does this message, login, and account activity fit the normal pattern?
That difference matters.
The Club Company operates country clubs across the UK, with teams working across golf, health, fitness, hospitality, and customer service. Like many mid-market organisations, its IT team manages a wide environment with limited time and no room for missed alerts.
After deploying behavioural AI email security through Peritus, The Club Company saw the scale of the threat more clearly.
In the first 90 days, the platform blocked more than 1,600 email attacks and prevented over 1,000 credential phishing attempts. In one recent 30-day period, it stopped a further 302 threats.
Deployment took minutes, not months.
As Sam put it:
“Click approve with an admin account and it’s done.”
For a stretched IT team, that simplicity matters. Protection cannot create another complex project. It needs to work quickly, quietly, and without relying on every employee spotting every threat.
This was not a failure of Microsoft 365. And it was not a failure of The Club Company’s employees.
It was a modern attack designed to exploit trust.
That is why organisations need protection that works beyond the inbox. Stopping malicious emails matters, but when a trusted supplier account is compromised, the real risk often begins after someone clicks.
Behavioural AI helps close that gap by monitoring identity, login behaviour, communication patterns, and account activity in real time.
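The question posed earlier (does this login and account activity fit the user's normal pattern?) and the real-time monitoring described here can be illustrated with a small baseline-versus-event check. The following is an added example, not code from Peritus, Abnormal, or The Club Company; the sign-in events, field names (`user`, `time`, `country`, `client`), thresholds, and the three response tiers are all constructed assumptions chosen to show the idea, not a description of how the product decides.

```python
"""Added example: compare each sign-in against the user's own baseline.

A signature filter asks "does this match a known threat?". A behavioural
check asks "does this fit what this user normally does?". The events and
rules below are constructed for illustration only.
"""
from datetime import datetime

# Constructed historical sign-ins used to learn each user's normal pattern.
BASELINE_EVENTS = [
    {"user": "alice", "time": "2024-03-04T08:12:00Z", "country": "GB", "client": "Outlook/Win"},
    {"user": "alice", "time": "2024-03-04T09:40:00Z", "country": "GB", "client": "Outlook/Win"},
    {"user": "alice", "time": "2024-03-04T14:05:00Z", "country": "GB", "client": "Outlook/Win"},
    {"user": "bob",   "time": "2024-03-04T10:00:00Z", "country": "GB", "client": "Outlook/Win"},
    {"user": "bob",   "time": "2024-03-04T11:30:00Z", "country": "GB", "client": "Outlook/Win"},
]

# Constructed new sign-ins to evaluate against the baseline.
NEW_EVENTS = [
    {"user": "alice", "time": "2024-03-05T08:30:00Z", "country": "GB", "client": "Outlook/Win"},
    {"user": "alice", "time": "2024-03-05T03:15:00Z", "country": "US", "client": "Python-requests"},
    {"user": "bob",   "time": "2024-03-05T10:20:00Z", "country": "GB", "client": "Outlook/Web"},
    {"user": "carol", "time": "2024-03-05T09:00:00Z", "country": "GB", "client": "Outlook/Win"},
    {"user": "alice", "time": "2024-03-05T18:00:00Z", "country": "US", "client": "Outlook/Win"},
]


def _parse_ts(ts):
    """Parse an ISO-8601 UTC timestamp such as 2024-03-04T08:12:00Z."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def _near_hour(hour, hours, tolerance=1):
    """True if `hour` is within `tolerance` hours (circular) of any seen hour."""
    return any(min(abs(hour - h), 24 - abs(hour - h)) <= tolerance for h in hours)


def build_baseline(events):
    """Collect, per user, the countries, clients, and hours seen historically."""
    baseline = {}
    for e in events:
        b = baseline.setdefault(e["user"], {"countries": set(), "clients": set(), "hours": set()})
        b["countries"].add(e["country"])
        b["clients"].add(e["client"])
        b["hours"].add(_parse_ts(e["time"]).hour)
    return baseline


def score_event(baseline, event):
    """Return the list of ways this sign-in departs from the user's baseline."""
    b = baseline.get(event["user"])
    if b is None:
        # Edge case: a user with no history cannot be compared to anything.
        return ["no baseline for user"]
    reasons = []
    if event["country"] not in b["countries"]:
        reasons.append(f"new country {event['country']}")
    if event["client"] not in b["clients"]:
        reasons.append(f"new client {event['client']}")
    hour = _parse_ts(event["time"]).hour
    if not _near_hour(hour, b["hours"]):
        reasons.append(f"unusual hour {hour:02d}:00 UTC")
    return reasons


def decide(reasons):
    """Map the deviations to a response tier (assumed thresholds)."""
    if not reasons:
        return "allow"
    if reasons == ["no baseline for user"]:
        return "flag"            # review, but no history to justify a lockout
    if len(reasons) >= 3:
        return "disable_account"  # several independent anomalies at once
    if len(reasons) == 2:
        return "revoke_sessions"  # cut live sessions, force re-authentication
    return "flag"                 # one anomaly: surface for review


def triage(baseline, events):
    """Evaluate each event and return (user, action, reasons) tuples."""
    results = []
    for e in events:
        reasons = score_event(baseline, e)
        results.append((e["user"], decide(reasons), reasons))
    return results


if __name__ == "__main__":
    for user, action, reasons in triage(build_baseline(BASELINE_EVENTS), NEW_EVENTS):
        print(f"{user:6} {action:16} {'; '.join(reasons) or 'matches baseline'}")
```

The point of the example is the shape of the decision, not the specific thresholds: a login that looks ordinary in isolation (valid password, real supplier relationship upstream) still stands out when its country, client, and hour all differ from what that particular user has ever done, and the response tiers (flag, revoke sessions, disable the account) mirror the containment steps the article describes.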
For The Club Company, that meant attackers had the credentials — but never got the access.
Most organisations do not know what is getting through their Microsoft 365 environment until something goes wrong.
Peritus’s free Microsoft 365 Security & Optimisation Health Check shows you where you stand, including:
No pressure. No hard sell. Just a clear view of your current risk.
Book your free Microsoft 365 Security & Optimisation Health Check.