In the wake of the much-discussed payroll company that fired an employee for falling victim to a spear phishing scam, an Austrian manufacturer has fired its CEO and financial chief after the company gave away more than $50 million due to a CEO impersonation attack.
As with Alpha Payroll, it’s worth asking: Did the company, FACC AG, take the IT security steps necessary to prevent this kind of fraud? We can check the company’s DNS records using the DMARC lookup tool ValiMail makes available for free on our website.
Indeed, we see that FACC.com has neither DMARC nor SPF in place.
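The same check can be scripted. The example below is added here and is neither the Valimail lookup tool nor code from the post: it parses a domain’s DMARC and SPF TXT records and reports whether DMARC is merely monitoring (p=none), partially applied (pct below 100) or enforced. The domains and records in SAMPLES are constructed; real records come from `dig +short txt _dmarc.<domain>` and `dig +short txt <domain>`.

```python
# Added example: classify a domain's DMARC and SPF posture from DNS TXT text.
# Sample records below are constructed, not real lookups.

def parse_dmarc(txt):
    """Return DMARC tags as a dict, or None if txt is not a DMARC record."""
    if txt is None or not txt.strip().lower().startswith("v=dmarc1"):
        return None
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def dmarc_status(txt):
    """'missing', 'monitor' (p=none), 'partial' (pct<100) or 'enforced'."""
    tags = parse_dmarc(txt)
    if tags is None:
        return "missing"
    policy = tags.get("p", "none").lower()
    if policy not in ("quarantine", "reject"):
        return "monitor"          # report-only: spoofed mail is still delivered
    if int(tags.get("pct", "100")) < 100:
        return "partial"          # policy applied to only a share of messages
    return "enforced"

def spf_status(txt_records):
    """Classify a domain's SPF record from all of its TXT records."""
    spf = [r for r in txt_records if r.strip().lower().startswith("v=spf1")]
    if not spf:
        return "missing"
    if len(spf) > 1:
        return "invalid"          # RFC 7208: multiple SPF records is a permerror
    terminal = spf[0].split()[-1].lower()
    if terminal == "-all":
        return "hardfail"
    if terminal == "~all":
        return "softfail"
    return "permissive"           # +all, ?all or no 'all' mechanism at all

# Constructed sample data: (TXT records on the domain, TXT at _dmarc.<domain>)
SAMPLES = {
    "no-records.example": ([], None),
    "monitor.example": (["v=spf1 include:_spf.example.net ~all"],
                        "v=DMARC1; p=none; rua=mailto:dmarc@monitor.example"),
    "enforced.example": (["v=spf1 ip4:192.0.2.0/24 -all"],
                         "v=DMARC1; p=reject; pct=100; adkim=s"),
}

def assess(domain):
    txts, dmarc = SAMPLES[domain]
    return {"domain": domain, "spf": spf_status(txts), "dmarc": dmarc_status(dmarc)}

if __name__ == "__main__":
    for name in SAMPLES:
        print(assess(name))
```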
Unlike in the case of the fired Alpha Payroll employee, here one might argue that the CEO ultimately was responsible for seeing to it that this method of theft doesn’t succeed — among other duties — and therefore that the firing was justified.
DMARC would have been a great way for the former CEO to do so. Had DMARC enforcement been in place, these two senior executives wouldn’t have lost many tens of millions of dollars in cash, taken the company from profitability to a 23 million euro loss, and ultimately given up their positions with the company.
Two other noteworthy items from this episode:
- Spear phishing and CEO impersonation attacks are not exclusive to North America or the English language. In January of this year the FBI reported that it had identified business email compromise (BEC) scams across 45 countries for a recent 14-month period.
- C-level executives were held accountable for this high impact attack and its devastating effect on the company’s P&L. We wouldn’t be surprised to see increased attention on the senior executives who are empowered and responsible to protect against these threats.
Keep an eye on the Valimail blog for updates on this rapidly trending cyber threat.