FACC, an Austrian-based manufacturer of airplane parts, has fired its CEO, Walter Stephan, after he fell victim to an email scam that defrauded the company of €52.8 million ($56.79 million). Ryan Kalember, senior vice president of cybersecurity strategy for Proofpoint commented below.
Ryan Kalember, senior vice president of Cybersecurity Strategy for Proofpoint comments:
Business email compromise attacks are hitting all industries, at a scale never seen before and we don’t anticipate it will slow down anytime soon. As evident with this unfortunate FACC event, these attacks can have serious financial consequences. The recent surge in impostor emails is part of a larger cybercrime trend—fooling humans into becoming unwitting accomplices in the quest to steal information and money. Attackers are moving away from technical exploits and are exploiting human curiosity and trust. Our research also indicates that cybercriminals are increasingly employing mass email personalization to further convince victims to click.
It’s especially critical that finance, payroll, and human resources departments be alert for these scams as nearly 50% target the CFO and 25% target HR inboxes. Impostor messages often ask employees to keep things confidential and bypass normal approval channels. Employees should be suspicious if they receive a request for unusual information or a wire transfer via email. Check the reply-to email address and always call to confirm the request.
Because these threats do not use malicious attachments or URLs, they can evade security solutions that look for only malicious content and behavior. Impostor emails require a solution that can dynamically analyze the attributes of all email as it arrives and detect anomalies that reveal the threat.”