Malware, Phishing

CEO sacked after aircraft company grounded by whaling attack


The CEO of an Austrian aircraft parts manufacturer has been sacked after the company lost €40.9 million (£31 million) to a whaling attack.

A whaling attack is also known as a C-level fraud and BEC (business email scam) and involves targeting high level executives with forged emails asking for urgent payments. Usually they are spoofed to appear to come from a trusted colleague or business partner.

FACC Operations GmbH is an Austrian company that produces spare parts for major aircraft manufacturers. In January it revealed that it had been the victim of an email fraud in which it lost €50 million (£38 million) as a result of the CEO falling for a whaling attack.

Since then the company reports it managed to recover €10 million, reducing the losses to €40 million. This loss wiped out its profits for the year, resulting in a net loss of €23 million (£17.5 million).

The company had previously stated that while the amount lost had been large, it didn't pose an “economic threat to the company”, although it did lead to an immediate 17 percent drop in its share price.

The CEO, Walter Stephan, was sacked following the release of the company's annual results. He had been CEO for the past 17 years. The company sacked its chief financial officer over the same incident in February.

Ryan Kalember, senior vice president of cybersecurity strategy at Proofpoint, warned that BECs are hitting all industries, with no sign of it letting up. “As evident with this unfortunate FACC event, these attacks can have serious financial consequences. The recent surge in impostor emails is part of a larger cyber-crime trend — fooling humans into becoming unwitting accomplices in the quest to steal information and money,” he said.

Proofpoint research indicates that the problem will get worse as cyber-criminals use large databases of personal information and automated tools to personalise these emails on a mass scale.

“It's especially critical that finance, payroll, and human resources departments be alert for these scams as nearly 50 percent target the CFO and 25 percent target HR inboxes. Impostor messages often ask employees to keep things confidential and bypass normal approval channels. Employees should be suspicious if they receive a request for unusual information or a wire transfer via email. Check the reply-to email address and always call to confirm the request.”

It's more difficult to screen out imposter emails because they don't use malicious attachments or dodgy URLs. 

In a report issued at the end of 2015, Mimecast predicted a rise in whaling attacks in 2016, a conclusion based on a survey of 500 IT experts in the US, UK, South Africa and Australia.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.