Sign in
  • Home
  • Products
    • Enforce
    • DMARC Monitor
    • Instant SPF
    • Amplify
  • Solutions
    • Anti-phishing
    • Brand protection
    • Compliance
    • Government
    • Marketing
    • Microsoft
    • Shadow IT
  • About
    • News + awards
    • Partners
    • Team
    • Careers
    • Industry leadership
    • Customer support
  • Learn
    • Resources
    • Blog
    • Customers
  • Support
Request phishing analysis
  • Products
    • Enforce
    • DMARC Monitor
    • Instant SPF
    • Amplify
  • Solutions
    • Anti-phishing
    • Brand protection
    • Compliance
    • Government
    • Marketing
    • Microsoft
    • Shadow IT
  • About
    • News + awards
    • Partners
    • Team
    • Careers
    • Industry leadership
    • Customer support
  • Learn
    • Resources
    • Blog
    • Customers
  • Get started for free
  • Support
  • Sign in
Check to see if you’re protected
☰
Check to see if you’re protected
Share this article
Related posts
  • Blog
    Research: Only 22 of the top 100 retailers are protected by DMARC
  • Blog
    DMARC authentication gets you the deliverability you deserve
  • Blog
    How vulnerable are U.S. election operations to email spoofing?
Valimail blog

One of Europe’s biggest companies just lost $45M in a business email scam

Author: Valimail

Leoni AG, a billion-dollar (market cap) manufacturer of cables and cable harnesses for car manufacturers, announced last month that it had fallen victim to a business email compromise (BEC) scam. The cost? 40 million Euros, or about $45 million.

Leoni announced the fraud on August 16, a few days after it had happened. Upon hearing the news, the stock markets reacted by slicing Leoni’s stock by 8 percent, erasing about $60 million in market value from the company. The stock has since recovered somewhat, but is still lower than it was on August 15, when it was at an 8-month high. And the top headlines on the Google Finance page for Leoni still highlight the fraud — an ongoing public relations headache for the company.

Add the lost cash and the loss in market value together, and Leoni said goodbye to about $100 million in one day — all because of a single email.

That email followed the classic BEC pattern. It was sent to the chief financial officer of the company’s Romanian factory, and appeared to be an email from Leoni’s CEO. Naturally, the CFO responded by following the boss’s instructions and transferring the money as requested. There was just one problem: The account the funds were being transferred into belonged to scammers, who still haven’t been found.

Leoni’s press release noted that the company’s IT infrastructure and data security had not been damaged. This was an impersonation attack, plain and simple.

Why does this keep happening? It’s because Leoni, like most companies, is not taking advantage of available tools that can validate the identity of an email sender. While it does have an SPF record setup, Leoni is not using DMARC, the more complete and more current email authentication technology, as Valimail’s email authentication checker reveals.

In the absence of email authentication (through standards such as SPF, DKIM, and DMARC), it’s all too easy for senders to impersonate executives at a company. Add in some social engineering and a well-crafted email body, and you can see how people keep falling for scams like this.

If there’s any consolation for Leoni’s executives, it’s that they’re not alone. A U.S. company recently lost $98 million through a similar BEC scam. And the FBI estimates that $3.1 billion has been lost through BEC since January, 2015.

But wouldn’t it be better to just stop the scams through effective email authentication?

Back to blog
Published September 7, 2016
  • Cybersecurity
  • Email
  • Fraud
  • security
Author: Valimail
Valimail is the global leader in zero-trust email security. The company’s full line of cloud-native solutions authenticate sender identity to stop phishing, protect brands, and ensure compliance; they are used by organizations ranging from neighborhood shops to some of the world's largest organizations, including Uber, Splunk, Yelp, Fannie Mae, Mercedes Benz USA, and the U.S. Federal Aviation Administration. Valimail is the fastest growing DMARC solution, with the most domains at DMARC enforcement, and is the premier DMARC partner for Microsoft 365 environments. For more information visit www.valimail.com.
Resources
Top retailers remain vulnerable to email brand spoofing
Learn more
Email security with Microsoft and Valimail
Learn more
Election email security
Learn more
Email fraud landscape, Summer 2020
Learn more
Preparing for BIMI: A Marketer’s Guide
Learn more
Latest news
Trump’s refusal to concede the election is creating an opening for cy...
Learn more
2020 General Election Results to Directly Impact Tech Industry
Learn more
Why Email Is Still an Election Day Disinformation Risk
Learn more
US elections are still vulnerable to email spoofing
Learn more
Security Gaps Persist, Report Warns, After U.S. Blames Iran In Election Sch...
Learn more
Press releases
Valimail Triples Customer Base, Becomes Top Global DMARC Provider in 2020
Learn more
Valimail: 2020 election infrastructure still vulnerable to email hackers
Learn more
Valimail Announces Selection by ASG for Anti-Phishing and BEC Protection
Learn more
Valimail DMARC Monitor and Valimail Enforce Now Available in the Microsoft ...
Learn more
Valimail Research Finds More Than 1 Million Domains Using Crucial Email Aut...
Learn more
Follow us
Contact us

P: 888.354.6179
E: info@valimail.com

Headquarters

180 Montgomery Street
20th Floor
San Francisco, CA 94104

Valimail Mountain Office

1550 Larimer Street
Suite 271
Denver, CO 80202

Request a full phishing analysis
© Valimail
  • Terms of use
  • Privacy Policy
  • Website terms of use
  • Do not sell my personal information
  • Phishing Analysis
  • Domain Checker
  • Products
  • Enforce
  • DMARC Monitor
  • Instant SPF
  • Amplify
  • Solutions
  • Anti-phishing
  • Brand protection
  • Compliance
  • Government
  • Marketing
  • Microsoft
  • Shadow IT
  • About
  • News + awards
  • Partners
  • Team
  • Careers
  • Industry leadership
  • Customer support
  • Learn
  • Resources
  • Blog
  • Customers
Subscribe to our newsletter

Get exclusive content on improving email security and deliverability from the experts at Valimail.

  • *
    I understand that I may proactively manage my preferences, or opt-out of Valimail communications at any time using the unsubscribe link provided in Valimail email communication. I confirm that I am over the age of 16. The information that you provide will be used in accordance with the terms of our Privacy Policy.
  • This field is for validation purposes and should be left unchanged.