Table of Contents
- Is Your Business Ignoring a Frighteningly Simple Way for Criminals to Steal Your Money?
- The Anatomy of the Attack
- A System-Wide Security Failure
- No Email Authentication
- Passwords Stored in Plain Text
- Outdated Infrastructure
- Actionable Steps to Protect Your Business
- Audit Your Email Security
- Train Your Team
- Strengthen Your Payment Processes
Is Your Business Ignoring a Frighteningly Simple Way for Criminals to Steal Your Money?
Your business could become the next victim of a simple but costly email scam. A recent incident at a Ford dealership shows how easily cybercriminals can steal large sums of money by exploiting weak email security. Understanding this threat is the first step toward protecting your company.
The Anatomy of the Attack
Criminals are using a technique called spoofing. They send an email that looks like it came from a trusted person, such as your company’s CEO. In this fake email, they instruct an employee to pay an invoice or transfer funds to a new bank account. The employee, believing the request is legitimate, sends the money directly to the criminals.
This exact scenario happened on October 16, 2025. An employee at a Ford dealership was tricked by a spoofed email and transferred a significant amount of money to an account in Poland. While invoice fraud is not new, the investigation into this case uncovered a much deeper problem.
A System-Wide Security Failure
The investigation revealed that the dealership’s email provider, T-Systems/Itenos, which hosts email for many car dealerships in the Ford, Volvo, Jaguar, and Land Rover networks, has critical security weaknesses. These vulnerabilities make it easy for criminals to carry out spoofing attacks against all of the provider’s clients.
No Email Authentication
The provider’s system did not support SPF, DKIM, or DMARC. These are standard security protocols that act like a digital passport for your emails. They help receiving email servers verify that a message actually came from your domain, which is crucial for blocking fakes.
Passwords Stored in Plain Text
An administrator for the email service reported that user passwords were not encrypted. They were stored as plain text in a database. If that database were ever compromised, criminals would have the passwords for every account.
Outdated Infrastructure
The system’s customer portal is old and appears to be poorly maintained. Simple account changes often require customers to fill out and submit PDF forms, a slow and insecure process.
While the attack on the Ford dealership may have started with a random list of email addresses, the provider’s lack of basic security made the company a perfect, defenseless target.
Actionable Steps to Protect Your Business
You must act to ensure your company is not similarly exposed. Taking these steps can significantly lower your risk of falling victim to email fraud.
Audit Your Email Security
Contact your email provider immediately. Ask them if they fully support and have implemented SPF, DKIM, and DMARC for your domain. If the answer is no, or if they are unsure, you should strongly consider moving to a modern email provider that prioritizes security.
Train Your Team
Your employees are your first line of defense. Teach them to be cautious of any email that requests a payment, especially if it is urgent or involves a change in bank account details. Establish a clear policy that requires verbal confirmation over the phone or in person for any such request before a transfer is made.
Strengthen Your Payment Processes
Review your company’s procedure for paying invoices. Implement a multi-person approval process for all payments above a certain threshold. New EU rules for verifying a payee’s name and account number can help, but these checks can sometimes be bypassed, so a strong internal policy is still essential.
The threat from spoofing is serious, and it thrives on outdated technology and a lack of awareness. By securing your email systems and educating your team, you can close the door on these criminals and protect your company’s finances.