Barclays activated a new email security step for all staff, a source told Business Insider, after its CEO Jes Staley was tricked into an email exchange with someone pretending to be the bank’s chairman.

Just over a week ago, Staley had an email conversation with the prankster, who was reportedly a disgruntled customer pretending to be chairman John McFarlane. The hoaxer used a Gmail address with the username john.mcfarlane.barclays to contact Staley shortly after the bank’s annual general meeting on Wednesday.

The trick was relatively crude. The emails even contained a poem that spelled out “whistle-blower” when looking at the first letters, a reference to the controversy over Staley’s handling of a recent whistle-blower case at the bank. Staley still responded thinking he was talking to the chairman.

After the incident, a feature that was previously only available when emailing from a desktop, was applied to mobile email users. Barclays activated a warning message for staff emailing via their mobile phones that appears whenever they email an external email address. The new step, first reported by The Financial Times, also unveils the recipient’s full email address even if it was hidden.

Barclays declined to comment.

Staley and Barclays are the subjects of investigations by the UK's Financial Conduct Authority and by Prudential Regulation Authority over an incident in which the CEO tried to reveal the identity of a whistle-blower who wrote two anonymous letters about the conduct of a senior executive he hired. He apologised to shareholders at Barclays' annual general meeting on May 10 for the incident.

Staley received an email from someone he thought was Barclays' chairman, John McFarlane, at 8.47 p.m. BST (3.47 p.m. ET) shortly after the recent AGM.

In fact, it was just a disgruntled customer pretending to be the Barclays Chairman, sending an email with the subject title: "The fool doth think he is wise."

You can read the exchange here.